TimThumb Arbitrary Code Injection

High Nessus Network Monitor Plugin ID 6059


The remote host is running software which allows arbitrary code injection


The remote host is running TimThumb, a PHP script that resizes images on demand. This version of TimThumb is vulnerable to a flaw in how it validates a requested image URL against its list of 'allowed sites'. By default, TimThumb ships with a predefined list of trusted domains. However, when checking a client-supplied URL, it does not verify that the URL's host is actually one of those domains; it only checks whether an allowed domain appears as a substring of the URL. So, for instance, an attacker can use a domain like flickr.com.myhost.com and TimThumb will download from that site because the URL contains the string 'flickr.com'.
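The following is an added illustration of the validation flaw described above; it is not TimThumb's own code and the allow-list, URLs and function names are constructed for the example. It places a substring-style check (the pattern the advisory describes) beside a hardened check that parses the URL, extracts the host component and matches it against the allow-list on a label boundary, so that a host such as flickr.com.myhost.com no longer passes.

```php
<?php
// Added illustration (not TimThumb's code): substring matching of an
// allowed domain against the whole URL, versus matching the parsed host.
// The allow-list below is constructed for this example.
$allowedSites = ['flickr.com', 'picasa.com', 'img.youtube.com'];

// Vulnerable form: any URL containing an allowed domain as a substring
// passes, so 'flickr.com.myhost.com' is accepted because of 'flickr.com'.
function isAllowedSubstring(string $url, array $allowed): bool
{
    foreach ($allowed as $site) {
        if (strpos($url, $site) !== false) {
            return true;
        }
    }
    return false;
}

// Hardened form: require an http/https URL, take the host component only,
// and accept it if it equals an allowed domain or ends with ".<domain>"
// (a genuine subdomain). Strings elsewhere in the URL are ignored.
function isAllowedHost(string $url, array $allowed): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    $host = strtolower(rtrim($parts['host'], '.'));
    foreach ($allowed as $site) {
        $site = strtolower($site);
        if ($host === $site) {
            return true;
        }
        $suffix = '.' . $site;
        if (strlen($host) > strlen($suffix)
            && substr($host, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

// Constructed sample URLs: the first two are legitimate, the third is the
// bypass named in the advisory, the fourth hides the allowed string in the path.
$urls = [
    'http://flickr.com/photo.jpg',
    'http://farm1.flickr.com/photo.jpg',
    'http://flickr.com.myhost.com/photo.jpg',
    'http://myhost.com/flickr.com/photo.jpg',
];

foreach ($urls as $url) {
    printf("%-42s substring:%-5s host:%s\n",
        $url,
        isAllowedSubstring($url, $allowedSites) ? 'pass' : 'fail',
        isAllowedHost($url, $allowedSites) ? 'pass' : 'fail');
}
```

Run with `php validate.php`: the substring check passes all four URLs, while the host-based check passes only the first two. The design point is that the allow-list must be compared against the parsed host, never against the raw URL string, and that subdomain matching must anchor on a dot boundary so an attacker-controlled parent domain cannot satisfy the test.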


Ensure that you are running the latest version of this product.

Plugin Details

Severity: High

ID: 6059

Family: Web Servers

Published: 2011/11/03

Modified: 2015/06/01

Dependencies: 6058

Risk Information

Risk Factor: High