CVE Vulnerabilities

CVE-2013-6919

Published: Dec 27, 2014 | Modified: Dec 29, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter.

Affected Software

Name Vendor Start Version End Version
Phpthumb Phpthumb_project * 1.7.11

References