CNNVD-202507-1664 Information

CNNVD ID

CNNVD-202507-1664

Related CVE

CVE-2025-52994

• CNNVD Published: 2025-07-11

Description (Chinese)

phpThumb是James Heinrich个人开发者的一个PHP缩略图生成器。 phpThumb 1.7.23及之前版本存在操作系统命令注入漏洞，该漏洞源于参数值处理不当，可能导致OS命令注入。

Description (English)

phpThumb is a PHP thumbnail generator of James Heinrich’s personal developer. The phpThumb 1.7.23 and previous versions contain a loophole in the operating system command, which arises from the mishandling of parameter values, which may lead to an OS command injection.

Hazard Level

High

Vulnerability Type

操作系统命令注入

Affected Vendor

Live Support

Published

2025-07-11

Last Modified

2026-02-24

References

https://github.com/JamesHeinrich/phpThumb/commit/cdcbc206ae601b15fd17e7aadf59df51149a0e82 https://github.com/JamesHeinrich/phpThumb/releases https://safety-online.pl/cve-2025-52994/ https://access.redhat.com/security/cve/cve-2025-52994