JamesHeinrich/phpThumb

JamesHeinrich/phpThumb

Releases13

Frequency11 months 6 days

Last Release 10 months ago

Stars317

phpThumb() - The PHP thumbnail generator

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-52994 ↗	Jul 11, 2025Friday, 11 July 2025, 15:15	4.9 MEDIUM	—
gif_outputAsJpeg in phpThumb through 1.7.23 allows phpthumb.gif.php OS Command Injection via a crafted parameter value. This is fixed in 1.7.23-202506081709.
CVE-2016-10508 ↗	Aug 31, 2017Thursday, 31 August 2017, 20:29	—	4.3 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php.
CVE-2013-6919 ↗	Dec 27, 2014Saturday, 27 December 2014, 18:59	—	4.3 MEDIUM
The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter.