TimThumb Arbitrary Code Injection

High Nessus Network Monitor Plugin ID 6059

Synopsis

The remote host is running software which allows arbitrary code injection

Description

The remote host is running TimThumb, a PHP application which allows for image sizing on demand. This version of TimThumb is vulnerable to a flaw in the way that it parses valid 'allowed sites'. By default, TimThumb ships with a predefined list of trusted domains. However, when parsing client-issued URLs, it does not ensure that the domain is valid. So, for instance, an attacker can use a domain like flickr.com.myhost.com and TimThumb will download from that site because it contains the string 'flickr.com'.

Solution

Ensure that you are running the latest version of this product.

Plugin Details

Severity: High

ID: 6059

Family: Web Servers

Published: 2011/11/03

Modified: 2015/06/01

Dependencies: 6058

Risk Information

Risk Factor: High