Summary
The host is running phpThumb and is prone to a command injection vulnerability.
Impact
Successful exploitation will allow an attacker to inject and execute arbitrary shell commands via specially crafted requests in the context of the web server.
Impact Level: Application
Solution
Upgrade to version 1.7.9 or later.
For updates refer to http://phpthumb.sourceforge.net/#download
Insight
The flaw is caused by improper validation of user-supplied input passed via the 'fltr[]' parameter to 'phpThumb.php', which allows attackers to inject and execute arbitrary shell commands via specially crafted requests.
Affected
phpThumb Version 1.7.9
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2010-1598
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Rave User Information Disclosure Vulnerability
- Apache Struts2 'XWork' Information Disclosure Vulnerability
- Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14
- Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
- Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability