CVE-2011-4106
TimThumb (timthumb.php) prior to version 2.0 contains a flaw where the code does not validate the entire image source against the domain whitelist. This allows a remote attacker to craft a URL with a whitelisted domain in the src parameter to upload and subsequently access a file in the cache dir...