Vulnerability Details : CVE-2010-1598
phpThumb.php in phpThumb() 1.7.9 and possibly other versions, when ImageMagick is installed, allows remote attackers to execute arbitrary commands via the fltr[] parameter, as discovered in the wild in April 2010. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2010-1598
Probability of exploitation activity in the next 30 days: 1.14%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 83 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-1598
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2010-1598
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-1598
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/58040
phpThumb() phpThumb.php command execution CVE-2010-1598 Vulnerability Report
-
http://www.securityfocus.com/bid/39605
phpThumb() 'fltr[]' Parameter Command Injection Vulnerability
-
http://modx.com/blog/2014/01/21/revolution-2.2.11%E2%80%94security-fixes-and-prevent-change-loss
Revolution 2.2.11—Security Fixes and Prevent Change Loss | MODX
Products affected by CVE-2010-1598
- cpe:2.3:a:silisoftware:phpthumb\(\):1.7.9:*:*:*:*:*:*:*