Lucene search

[email protected]CVE-2010-1598

HistoryApr 29, 2010 - 4:30 p.m.

CVE-2010-1598

2010-04-2916:30:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2010-1598

phpthumb.php

imagemagick

remote code execution

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.8%

JSON

phpThumb.php in phpThumb() 1.7.9 and possibly other versions, when ImageMagick is installed, allows remote attackers to execute arbitrary commands via the fltr[] parameter, as discovered in the wild in April 2010. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

NVD

Node

silisoftwarephpthumb\(\)Match1.7.9

CPENameOperatorVersion
silisoftware:phpthumb\(\)silisoftware phpthumb()eq1.7.9

CPE	Name	Operator	Version
silisoftware:phpthumb\(\)	silisoftware phpthumb()	eq	1.7.9

References

modx.com/blog/2014/01/21/revolution-2.2.11%E2%80%94security-fixes-and-prevent-change-loss

osvdb.org/63939

secunia.com/advisories/39556

secunia.com/advisories/57038

www.securityfocus.com/bid/39605

exchange.xforce.ibmcloud.com/vulnerabilities/58040

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.8%

JSON

Related for CVE-2010-1598

prion1 seebug1 cvelist1 openvas2 nvd1 packetstorm1