PhpThumb 'fltr[]' Parameter Command Injection Vulnerability Network Vulnerability

Summary

The host is running phpThumb and is prone to command injection vulnerability.

Impact

Successful exploitation will allow attacker to inject and execute arbitrary shell commands via specially crafted requests in the context of the web server. Impact Level: Application

Solution

Upgrade to version 1.7.9 or later, For updates refer to http://phpthumb.sourceforge.net/#download

Insight

The flaw is caused by improper validation of user-supplied input via the 'fltr[]' parameter to 'phpThumb.php', which allow attackers to inject and execute arbitrary shell commands via specially crafted requests.

Affected

phpThumb Version 1.7.9

References

http://osvdb.org/63939
http://secunia.com/advisories/39556
http://xforce.iss.net/xforce/xfdb/58040

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1598

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability
Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
Ampache Reflected Cross Site Scripting Vulnerability

phpThumb 'fltr[]' Parameter Command Injection Vulnerability

Take action and discover your vulnerabilities