ID CVE-2013-6919
Summary The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter. <a href="http://cwe.mitre.org/data/definitions/918.html">CWE-918: Server-Side Request Forgery (SSRF)</a>
References
Vulnerable Configurations
  • cpe:2.3:a:phpthumb_project:phpthumb:1.7.11:*:*:*:*:*:*:*
    cpe:2.3:a:phpthumb_project:phpthumb:1.7.11:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 29-12-2014 - 23:08)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
confirm https://github.com/JamesHeinrich/phpThumb/blob/master/docs/phpthumb.changelog.txt
misc http://www.rafayhackingarticles.net/2013/11/phpthumb-server-side-request-forgery.html
Last major update 29-12-2014 - 23:08
Published 27-12-2014 - 18:59
Last modified 29-12-2014 - 23:08
Back to Top