Vulnerabilities

CVE-2011-4106

by Fred · 26/10/2013

TimThumb (timthumb.php) before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache directory, as exploited in the wild in August 2011.

Date published : 2013-10-26

http://code.google.com/p/timthumb/issues/detail?id=212

http://www.binarymoon.co.uk/2011/08/timthumb-2/

Similar

Tags: Cybersecurity Alert