Phpthumb · Phpthumb · CVE-2013-6919
**Name of the Vulnerable Software and Affected Versions**
phpThumb versions prior to 1.7.12
**Description**
In its default configuration, phpThumb sets the `disable_debug` option to false, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks through the `src` parameter.
**Recommendations**
Update to version 1.7.12 or later to resolve the issue. As a temporary workaround on versions prior to 1.7.12, set the `disable_debug` option to true to prevent SSRF attacks via the `src` parameter.
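
To verify the workaround across a web root, the following added example (not part of the advisory or of phpThumb itself) reports every phpThumb config file in which `disable_debug` is not set to true. It assumes the live config file is named `phpThumb.config.php` and that the option is assigned as `$PHPTHUMB_CONFIG['disable_debug']`; the function names and sample configs are constructed for illustration.

```python
import os
import re

CONFIG_NAME = "phpThumb.config.php"  # assumed name of the live config file
BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)
ASSIGN = re.compile(
    r"""^[ \t]*\$PHPTHUMB_CONFIG\[\s*['"]disable_debug['"]\s*\]\s*=\s*(\w+)\s*;""",
    re.MULTILINE,
)

def debug_state(php_source):
    """Classify the effective disable_debug setting in a config file's text.

    Returns "debug_off" when disable_debug is true, "debug_on" when it is
    false, and "unset" when no active assignment exists, in which case the
    built-in default applies (false before 1.7.12).
    """
    active = BLOCK_COMMENT.sub("", php_source)  # drop /* ... */ regions
    values = ASSIGN.findall(active)  # lines commented with // or # never match
    if not values:
        return "unset"
    last = values[-1].lower()  # PHP keeps the last assignment
    return "debug_off" if last in ("true", "1") else "debug_on"

def audit(root):
    """Walk a directory tree and list configs that leave debug enabled."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if CONFIG_NAME in files:
            path = os.path.join(dirpath, CONFIG_NAME)
            with open(path, encoding="utf-8", errors="replace") as fh:
                state = debug_state(fh.read())
            if state != "debug_off":
                findings.append((path, state))
    return sorted(findings)

# Constructed sample configs, not taken from a real installation.
SAMPLE_DEFAULT = "<?php\n$PHPTHUMB_CONFIG['disable_debug'] = false;\n"
SAMPLE_FIXED = (
    "<?php\n"
    "// $PHPTHUMB_CONFIG['disable_debug'] = false;\n"
    "$PHPTHUMB_CONFIG['disable_debug'] = true;\n"
)

if __name__ == "__main__":
    print(debug_state(SAMPLE_DEFAULT), debug_state(SAMPLE_FIXED))
```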