Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS0zNzQ3LWdqYzktdnZnNs4AAd7k

phpThumb is vulnerable to Server-Side Request Forgery (SSRF)

The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter.

Permalink: https://github.com/advisories/GHSA-3747-gjc9-vvg6
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zNzQ3LWdqYzktdnZnNs4AAd7k
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: over 1 year ago
EPSS Percentage: 0.00246
EPSS Percentile: 0.64865

Identifiers: GHSA-3747-gjc9-vvg6, CVE-2013-6919
References: Repository: https://github.com/JamesHeinrich/phpThumb
Blast Radius: 0.0

Affected Packages

packagist:james-heinrich/phpthumb
Dependent packages: 5
Dependent repositories: 28
Downloads: 359,346 total
Affected Version Ranges: < 1.7.12
Fixed in: 1.7.12
All affected versions:
All unaffected versions: 1.7.12, 1.7.13, 1.7.14, 1.7.15, 1.7.16, 1.7.17, 1.7.18, 1.7.19, 1.7.20, 1.7.21, 1.7.22