CVE-2013-6919

The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter.

Published: Dec 27, 2014
Updated: Apr 13, 2023
CVE: CVE-2013-6919
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
phpthumb_project / phpthumb	-	1.7.11.x

http://www.rafayhackingarticles.net/2013/11/phpthumb-server-side-request-forgery.html
https://github.com/JamesHeinrich/phpThumb/blob/master/docs/phpthumb.changelog.txt

Vulnerability Database

290,278

CVE-2013-6919