CVE-2025-52994

Sažetak

gif_outputAsJpeg in phpThumb through 1.7.23 allows phpthumb.gif.php OS Command Injection via a crafted parameter value. This is fixed in 1.7.23-202506081709.

Reference

https://github.com/JamesHeinrich/phpThumb/commit/cdcbc206ae601b15fd17e7aadf59df51149a0e82
https://github.com/JamesHeinrich/phpThumb/releases
https://safety-online.pl/cve-2025-52994/

CVSS

Base:	4.9
Impact:	2.7
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

11-07-2025 - 15:15

Objavljeno

11-07-2025 - 15:15