CVSSv2: 6.8

CVE-2011-4106

Published: 26/10/2013 Updated: 28/10/2013
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 690
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

TimThumb (timthumb.php) prior to 2.0 does not validate the entire source with the domain white list, which allows remote malicious users to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache directory, as exploited in the wild in August 2011.
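The defect summarised above is an allow-list that is matched against the raw src string instead of against the host name of the parsed URL, so any URL that merely contains an allow-listed domain somewhere passes. The PHP below is an added illustration and is not TimThumb's own code: it places that kind of substring check beside a check that parses the URL and compares the host exactly. The function names, the allow-list entries and the sample URLs are constructed for the example.

```php
<?php
// Added illustration (not TimThumb's code): a substring-based domain
// allow-list check next to a host-based one.

// Constructed allow-list for the example; the domains are placeholders.
$ALLOWED_HOSTS = ['img.example.com', 'cdn.example.org'];

// Weak check: succeeds if an allowed domain appears *anywhere* in the
// src value, whether in the host, the path or the user-info part.
function weak_check(string $src, array $allowed): bool {
    foreach ($allowed as $domain) {
        if (stripos($src, $domain) !== false) {
            return true;
        }
    }
    return false;
}

// Hardened check: parse the URL, require http(s), refuse user-info,
// and require an exact case-insensitive match on the host component.
function strict_check(string $src, array $allowed): bool {
    $parts = parse_url($src);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    // http://img.example.com@other.example/ parses with host=other.example
    // and user=img.example.com; reject anything carrying credentials.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;
    }
    $host = strtolower(rtrim($parts['host'], '.'));
    return in_array($host, array_map('strtolower', $allowed), true);
}

// Constructed sample inputs: one legitimate URL and three that contain an
// allowed domain without being hosted on it.
$samples = [
    'http://img.example.com/photo.jpg',
    'http://img.example.com.other.example/x.gif',
    'http://other.example/img.example.com/x.gif',
    'http://img.example.com@other.example/x.gif',
];

foreach ($samples as $src) {
    printf("%-48s weak=%s strict=%s\n", $src,
        weak_check($src, $ALLOWED_HOSTS) ? 'allow' : 'deny',
        strict_check($src, $ALLOWED_HOSTS) ? 'allow' : 'deny');
}
```

Only the first sample is accepted by strict_check; weak_check accepts all four. Note that the host check alone covers just the allow-list half of the summary: the second half, a fetched file being reachable by direct request in the cache directory, is a separate issue of how and where remote content is stored and served.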

Vulnerable Product

binarymoon timthumb

Exploits

# Exploit Title: Multiple WordPress timthumb.php reuse vulnerabilities
# Date: 09/19/2011
# Author: Ben Schmidt (supernothing (AT) spareclockcycles.org, @_supernothing)
--- Description ---
The following WordPress plugins reuse a vulnerable version of the timthumb.php library. By hosting a malicious GIF file with PHP code appended to the end on an ...

# Exploit Title: WordPress TimThumb Plugin - Remote Code Execution
# Google Dork: inurl:timthumb ext:php -site:googlecode.com -site:google.com
# Date: 3rd August 2011
# Author: MaXe
# Software Link: timthumb.googlecode.com/svn-history/r141/trunk/timthumb.php
# Version: 1.32
# Screenshot: See attachment
# Tested on: Windows XP + Apache + PHP ...