James Heinrich

3 exploits, active since Dec 2014
CVE-2013-6919 WRITEUP WRITEUP
phpThumb < 1.7.12 - Server-Side Request Forgery via src Parameter
The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter.
CVE-2021-40926 WRITEUP MEDIUM STUB
getID3 - Cross-Site Scripting via showtagfiles Parameter
Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter.
CVSS 6.1
CVE-2025-52994 WRITEUP MEDIUM WRITEUP
phpThumb < 1.7.23 - OS Command Injection via gif_outputAsJpeg Parameter
gif_outputAsJpeg in phpThumb through 1.7.23 allows phpthumb.gif.php OS Command Injection via a crafted parameter value. This is fixed in 1.7.23-202506081709.
CVSS 4.9