CVE-2013-6919

The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
phpthumb_projectphpthumb
𝑥
≤ 1.7.11
𝑥
= Vulnerable software versions
References
http://www.rafayhackingarticles.net/2013/11/phpthumb-server-side-request-forgery.html
https://github.com/JamesHeinrich/phpThumb/blob/master/docs/phpthumb.changelog.txt
http://www.rafayhackingarticles.net/2013/11/phpthumb-server-side-request-forgery.html
https://github.com/JamesHeinrich/phpThumb/blob/master/docs/phpthumb.changelog.txt