CVE-2013-6919

Published December 27th, 2014

View on NVD ↗

CVSS v3

N/A

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter.

JamesHeinrich/phpThumb

phpThumb() - The PHP thumbnail generator

GitHub

317