8 matches found
CVE-2005-1898
The passthrough functionality in phpThumb.php in phpThumb before 1.5.4 allows remote attackers to read files that are not images...
CVE-2025-52994
gifoutputAsJpeg in phpThumb through 1.7.23 allows phpthumb.gif.php OS Command Injection via a crafted parameter value. This is fixed in 1.7.23-202506081709...
PT-2025-29244 · Phpthumb · Phpthumb
Name of the Vulnerable Software and Affected Versions: phpThumb versions through 1.7.23
Description: The gif outputAsJpeg function in phpThumb through version 1.7.23 allows for OS Command Injection via a crafted parameter value in phpthumb.gif.php. This issue is addressed in version...
CVE-2025-52994
gifoutputAsJpeg in phpThumb through 1.7.23 allows phpthumb.gif.php OS Command Injection via a crafted parameter value. This is fixed in 1.7.23-202506081709...
CVE-2025-52994
gifoutputAsJpeg in phpThumb through 1.7.23 allows phpthumb.gif.php OS Command Injection via a crafted parameter value. This is fixed in 1.7.23-202506081709...
CVE-2024-5409
RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in /admin/lib/phpthumb/phpthumb.php. An attacker could create a malicious URL and send it to a victim to obtain their session details...
thegeneanddaveshow.com XSS vulnerability
Open Bug Bounty ID: OBB-48401

Description| Value
---|---
Affected Website:| thegeneanddaveshow.com
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide:| OWASP XSS Prevention...
Directory traversal
Directory traversal vulnerability in phpThumb.php in PinkCrow Designs Gallery or maGAZIn 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter...