Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2013-6919
Last Modified: 29 Dec 2014 06:08:54
Published: 27 Dec 2014 01:59:07
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2013-6919

Summary

The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter.

Vulnerable Systems

Application

  • Phpthumb Project Phpthumb 1.7.11


References

CONFIRM - https://github.com/JamesHeinrich/phpThumb/blob/master/docs/phpthumb.changelog.txt

MISC - http://www.rafayhackingarticles.net/2013/11/phpthumb-server-side-request-forgery.html


Last Updated: 27 May 2016 11:07:22