Skip to main content

Phpthumb

3 CVEs product

Monthly

CVE-2016-10508 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Phpthumb
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
CVE-2013-6919 PHP MEDIUM POC PATCH This Month

The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

SSRF Phpthumb
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-2910 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware phpThumb() 1.7.11 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Phpthumb
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.5%
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Phpthumb
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

SSRF Phpthumb
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware phpThumb() 1.7.11 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Phpthumb
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy