Phpthumb Project: >> Phpthumb >> 1.7.11 Security Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-08-31
The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter.
CVSS Score
4.3
EPSS Score
0.002
Published
2014-12-27