CVE-2010-1598
IN THE WILDphpThumb() - Remote Code Execution via fltr[] Parameter
Title source: llmExploitation Summary
CVE-2010-1598 has been observed exploited in the wild (reported by InTheWild.io).
Description
phpThumb.php in phpThumb() 1.7.9 and possibly other versions, when ImageMagick is installed, allows remote attackers to execute arbitrary commands via the fltr[] parameter, as discovered in the wild in April 2010. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/39605
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/57038
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39556
Various Sources x_refsource_confirm
http://modx.com/blog/2014/01/21/revolution-2.2.11%E2%80%94security-fixes-and-prevent-change-loss
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/58040
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/63939
Scores
EPSS
0.0175
EPSS Percentile
75.2%
Details
InTheWild.io
2017-08-17
CWE
CWE-20
Status
published
Products (1)
silisoftware/phpthumb\(\)
1.7.9
Published
Apr 29, 2010
Tracked Since
Feb 18, 2026