Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
patchstackMaXePATCHSTACK:CC92BE5E2F7E0517672641CD964CFA26
HistoryAug 03, 2011 - 12:00 a.m.

WordPress TimThumb Plugin 1.32 - Remote Code Execution

2011-08-0300:00:00
MaXe
patchstack.com
20

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

This TimThumb plugin is prone to a Remote Code Execution vulnerability because script does not check remotely cached files properly.

Solution

           Update this plugin to the latest version or just delete the "timthumb" file.
CPENameOperatorVersion
timthumble1.32

Related

dsquare 16
prion 1
cve 1
nessus 1
wpvulndb 1
impervablog 1
dsquare
dsquare
Wordpress LISL Last Image Slider 1.0 File Upload
2012-02-09 00:00:00
Wordpress Kino Gallery 1.0 File Upload
2012-02-09 00:00:00
Wordpress Vk Gallery 1.1.0 File Upload
2012-02-09 00:00:00
prion
prion
Design/Logic Flaw
2013-10-26 16:55:00
cve
cve
CVE-2011-4106
2013-10-26 16:55:00
nessus
nessus
TimThumb Cache Directory 'src' Parameter Arbitrary PHP File Upload
2011-11-08 00:00:00
wpvulndb
wpvulndb
Extend 1.3.7 - Shell Upload
2014-08-01 10:58:53
impervablog
impervablog
CrimeOps of the KashmirBlack Botnet – Part II
2020-10-22 18:55:05

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON
Related for PATCHSTACK:CC92BE5E2F7E0517672641CD964CFA26
dsquare16prion1cve1nessus1wpvulndb1impervablog1