4 matches found
CVE-2011-4106
TimThumb timthumb.php before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache...
CVE-2011-4106
TimThumb (timthumb.php) prior to version 2.0 contains a flaw where the code does not validate the entire image source against the domain whitelist. This allows a remote attacker to craft a URL with a whitelisted domain in the src parameter to upload and subsequently access a file in the cache dir...
CVE-2011-4106
TimThumb timthumb.php before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache...
CVE-2011-4106
creationtimestamp | type | source
---|---|---
2011-08-03 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/17602
2026-06-19 16:45:36+00:00 | exploited | https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/a009c5fa-c459-4903-9955-a769dbabfd23
2026-06-23 14:04:09+00:00|...