CVE-2010-1598

IN THE WILD

phpThumb() - Remote Code Execution via fltr[] Parameter

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2010-1598 has been observed exploited in the wild (reported by InTheWild.io).

Description

phpThumb.php in phpThumb() 1.7.9 and possibly other versions, when ImageMagick is installed, allows remote attackers to execute arbitrary commands via the fltr[] parameter, as discovered in the wild in April 2010. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/39605
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57038
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39556
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/58040
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/63939

Scores

EPSS 0.0175
EPSS Percentile 75.2%

Details

InTheWild.io 2017-08-17
CWE
CWE-20
Status published
Products (1)
silisoftware/phpthumb\(\) 1.7.9
Published Apr 29, 2010
Tracked Since Feb 18, 2026