Description

An image resizing utility named timthumb is widely used by many WordPress themes and plugins. Some versions of this utility contain a security vulnerability that allows hackers to upload and execute arbitrary PHP code in your timthumb cache directory. Acunetix identified that your blog contains a vulnerable version of this utility. It's recommended to immediately upgrade to the latest version.

Remediation

Upgrade to the latest version of timthumb.php. Version 1.34 is the first version that contains the fixed code.

References

TimThumb Remote Code Execution

timthumb

Related Vulnerabilities

CubeCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-2117)

Ruby Cryptographic Issues Vulnerability (CVE-2011-2686)

Apache Tomcat Other Vulnerability (CVE-2007-6286)

ATutor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-11446)

WebLogic CVE-2016-5531 Vulnerability (CVE-2016-5531)

Severity

High

Classification

CVE-2011-4106 CWE-20 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution Known Vulnerabilities