Lucene search

[email protected]CVE-2013-6919

HistoryDec 27, 2014 - 6:59 p.m.

CVE-2013-6919

2014-12-2718:59:07

[email protected]

web.nvd.nist.gov

nvd

phpthumb

cve-2013-6919

security

ssrf

server-side request forgery

disable_debug

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

64.9%

JSON

The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter.

Affected configurations

NVD

Node

phpthumb_projectphpthumbRange≤1.7.11

CPENameOperatorVersion
phpthumb_project:phpthumbphpthumb project phpthumble1.7.11

CPE	Name	Operator	Version
phpthumb_project:phpthumb	phpthumb project phpthumb	le	1.7.11

References

www.rafayhackingarticles.net/2013/11/phpthumb-server-side-request-forgery.html

github.com/JamesHeinrich/phpThumb/blob/master/docs/phpthumb.changelog.txt

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

64.9%

JSON

Related for CVE-2013-6919

nvd1 cvelist1 prion1 osv1 github1