WordPress TimThumb Vulnerability – WebShot Remote Code Execution (0-day)

WordPress TimThumb Vulnerability

TimThumb is a small PHP script for cropping, zooming and resizing web images (JPG, PNG, GIF). It is bundled with many WordPress themes, which use it to crop, zoom and resize images on the fly.


A zero-day exploit was published for WordPress TimThumb 2.8.13 that allows remote code execution. The vulnerability lies in the WebShot function of the TimThumb script. Full disclosure of the vulnerability is already public, so it is highly recommended that you disable the WebShot functionality in your copy of TimThumb. For more details, please refer to the following URLs:

https://code.google.com/p/timthumb/issues/detail?id=485&thanks=485&ts=1403690188
http://seclists.org/fulldisclosure/2014/Jun/117
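The script below is an added example and is not code from the original post or from the TimThumb project. It walks a WordPress tree, finds copies of TimThumb (themes usually ship their own copy, often renamed thumb.php), reads the VERSION constant and reports whether WebShot is switched on. TimThumb itself defines WEBSHOT_ENABLED as false when nothing else has defined it and loads an override from a timthumb-config.php beside the script, so the state is decided by a define() in one of those two files. The file-name heuristic and the sample tree it scans are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the original post or of TimThumb. Audits a
# WordPress tree for TimThumb copies and reports version and WebShot state.
# TimThumb defines VERSION in the script and reads WEBSHOT_ENABLED from a
# sibling timthumb-config.php, falling back to false if it is not defined.

# Print the VERSION constant of a TimThumb script, or "unknown" if absent.
timthumb_version() {
    v=$(sed -n "s/.*define *( *['\"]VERSION['\"] *, *['\"]\([0-9.]*\)['\"].*/\1/p" "$1" | head -n 1)
    if [ -n "$v" ]; then printf '%s\n' "$v"; else printf 'unknown\n'; fi
}

# Print "enabled" and return 0 if an active (not commented-out) define() sets
# WEBSHOT_ENABLED to true in the sibling timthumb-config.php or in the script
# itself; otherwise print "disabled" and return 1.
webshot_state() {
    script="$1"
    dir=$(dirname "$script")
    for cfg in "$dir/timthumb-config.php" "$script"; do
        [ -f "$cfg" ] || continue
        if grep -Ei "define *\( *['\"]WEBSHOT_ENABLED['\"] *, *true *\)" "$cfg" \
            | grep -Evq '^[[:space:]]*(//|#|\*)'; then
            printf 'enabled\n'
            return 0
        fi
    done
    printf 'disabled\n'
    return 1
}

# Walk a tree and print "path<TAB>version<TAB>state" for every TimThumb copy.
# File-name heuristic (assumption): themes ship it as timthumb.php or thumb.php;
# the content check skips unrelated scripts that happen to share the name.
audit_timthumb() {
    find "$1" -type f \( -name 'timthumb.php' -o -name 'thumb.php' \) | sort |
    while IFS= read -r f; do
        grep -qi 'timthumb' "$f" || continue
        state=$(webshot_state "$f") || :
        printf '%s\t%s\t%s\n' "$f" "$(timthumb_version "$f")" "$state"
    done
}

# Constructed sample tree for the example (not real theme code): theme "alpha"
# has WebShot switched on through timthumb-config.php, theme "beta" ships a
# renamed copy with the define commented out, and "gamma" has an unrelated
# thumb.php that must be skipped.
SAMPLE_ROOT=$(mktemp -d)
mkdir -p "$SAMPLE_ROOT/wp-content/themes/alpha/lib" \
         "$SAMPLE_ROOT/wp-content/themes/beta" \
         "$SAMPLE_ROOT/wp-content/themes/gamma"
cat > "$SAMPLE_ROOT/wp-content/themes/alpha/lib/timthumb.php" <<'EOF'
<?php
// TimThumb script (sample header only)
define ('VERSION', '2.8.13');
if(! defined('WEBSHOT_ENABLED') ) define ('WEBSHOT_ENABLED', false);
EOF
cat > "$SAMPLE_ROOT/wp-content/themes/alpha/lib/timthumb-config.php" <<'EOF'
<?php
define ('WEBSHOT_ENABLED', true);
EOF
cat > "$SAMPLE_ROOT/wp-content/themes/beta/thumb.php" <<'EOF'
<?php
// TimThumb copy renamed by the theme author (sample header only)
define ('VERSION', '2.8.13');
// define ('WEBSHOT_ENABLED', true);
if(! defined('WEBSHOT_ENABLED') ) define ('WEBSHOT_ENABLED', false);
EOF
cat > "$SAMPLE_ROOT/wp-content/themes/gamma/thumb.php" <<'EOF'
<?php
// Unrelated thumbnail helper, not the script this audit is looking for.
echo 'thumb';
EOF

# Prints two lines: .../alpha/lib/timthumb.php 2.8.13 enabled
#                   .../beta/thumb.php         2.8.13 disabled
audit_timthumb "$SAMPLE_ROOT"
```

Run it against the web root of a live install (for example `audit_timthumb /var/www/html`). Any copy reported as "enabled" is the one to fix first: change the define in its timthumb-config.php to `define ('WEBSHOT_ENABLED', false);` or remove it altogether, since TimThumb's own default is false. The version column also flags copies at 2.8.13 or older that themes may have left behind even where WebShot is off.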
