Primary

Context

phpThumb OS Command Injection Vulnerability in gif_outputAsJpeg Function

Vulnerability

Patched

A command injection vulnerability has been identified in the phpThumb library, specifically in versions prior to 1.7.23. The issue arises in the gif_outputAsJpeg function, where a crafted parameter can be used to inject and execute arbitrary operating system commands. This vulnerability allows for unauthorized code execution on the server.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server where phpThumb is used.

Remediation

Users are advised to update phpThumb to version 1.7.23-202506081709 or later.

Added: Jul 11, 2025, 4:15 PM

Updated: Jul 11, 2025, 4:15 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

4.0

remediation

7.7

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

4.0

remediation

7.7

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

phpThumb OS Command Injection Vulnerability in gif_outputAsJpeg Function

Vulnerability

Impact

Remediation

Affected Products

JamesHeinrich phpThumb

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating