Vulmon
phpthumb vulnerabilities and exploits
5
CVSSv2
CVE-2005-1898
The passthrough functionality in phpThumb.php in phpThumb() prior to 1.5.4 allows remote malicious users to read files that are not images.
Phpthumb Phpthumb 1.5.3
Phpthumb Phpthumb 1.5
Phpthumb Phpthumb 1.5.1
Phpthumb Phpthumb 1.5.2
4.3
CVSSv2
CVE-2013-6919
The default configuration of phpThumb prior to 1.7.12 has a false value for the disable_debug option, which allows remote malicious users to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter.
Phpthumb Project Phpthumb
1 Github repository
4.3
CVSSv2
CVE-2016-10508
Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() prior to 1.7.14 allow remote malicious users to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php.
Phpthumb Project Phpthumb
4.3
CVSSv2
CVE-2012-2910
Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware phpThumb() 1.7.11 allow remote malicious users to inject arbitrary web script or HTML via the (1) dir parameter to demo/phpThumb.demo.random.php or (2) title parameter to demo/phpThumb.demo.showpic.php.
Silisoftware Phpthumb() 1.7.11
2 EDB exploits
6.8
CVSSv2
CVE-2010-1598
phpThumb.php in phpThumb() 1.7.9 and possibly other versions, when ImageMagick is installed, allows remote malicious users to execute arbitrary commands via the fltr[] parameter, as discovered in the wild in April 2010. NOTE: the provenance of this information is unknown; the det...
Silisoftware Phpthumb() 1.7.9
1 Github repository
5
CVSSv2
CVE-2014-100009
The Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and previous versions for WordPress allows remote malicious users to obtain the installation path via a request to (1) functions.php, (2) myCalendar.php, (3) refreshDate.php, (4) show_image.php, (5)...
Joomlaskin Js Multi Hotel
5
CVSSv2
CVE-2019-1010123
MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creating a file with a custom filename and content. The component is: Filtering user parameters before passing them into phpthumb class. The attack vector is: web ...
Modx Modx Revolution
6.5
CVSSv2
CVE-2018-1000207
MODX Revolution version <=2.6.4 contains an Incorrect Access Control vulnerability in filtering user parameters before passing them into phpthumb class that can result in creating a file with a custom filename and content. This attack appears to be exploitable via Web request. Thi...
Modx Modx Revolution