TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allows remote malicious users to execute arbitrary commands via shell metacharacters in the src parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
binarymoon timthumb 2.8.13 |
||
binarymoon wordthumb 1.07 |