Lucene search

[email protected]CVE-2014-4663

HistoryJul 15, 2014 - 2:55 p.m.

CVE-2014-4663

2014-07-1514:55:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2014-4663

timthumb

wordthumb

remote code execution

webshot

shell metacharacters

7.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.092 Low

EPSS

Percentile

94.7%

JSON

TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the src parameter.

CPENameOperatorVersion
binarymoon:timthumbbinarymoon timthumbeq2.8.13
binarymoon:wordthumbbinarymoon wordthumbeq1.07

CPE	Name	Operator	Version
binarymoon:timthumb	binarymoon timthumb	eq	2.8.13
binarymoon:wordthumb	binarymoon wordthumb	eq	1.07

References

packetstormsecurity.com/files/127192/TimThumb-2.8.13-Remote-Code-Execution.html

seclists.org/fulldisclosure/2014/Jul/4

seclists.org/fulldisclosure/2014/Jun/117

seclists.org/oss-sec/2014/q2/689

secunia.com/advisories/59558

www.exploit-db.com/exploits/33851

code.google.com/p/timthumb/issues/detail?id=485

code.google.com/p/timthumb/source/detail?r=219

7.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.092 Low

EPSS

Percentile

94.7%

JSON

Related for CVE-2014-4663

prion1 cvelist1 nessus2 openvas1 wordfence1