Vulnerability Details CVE-2013-6919
The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.2%
CVSS Severity
CVSS v2 Score 4.3
References
- http://www.rafayhackingarticles.net/2013/11/phpthumb-server-side-request-forgery.html
- https://github.com/JamesHeinrich/phpThumb/blob/master/docs/phpthumb.changelog.txt
- http://www.rafayhackingarticles.net/2013/11/phpthumb-server-side-request-forgery.html
- https://github.com/JamesHeinrich/phpThumb/blob/master/docs/phpthumb.changelog.txt
Products affected by CVE-2013-6919
-
cpe:2.3:a:phpthumb_project:phpthumb:1.7.11