phpThumb() fltr[] parameter command injection vulnerability

Description
  • Multiple vendor applications utilize phpThumb(), which uses the GD library to create thumbnails from images (JPEG, PNG, GIF, BMP, etc.) on the fly. phpThumb() versions 1.7.9 and below contain a command injection vulnerability in the fltr[] parameter that allows an attacker to execute arbitrary shell commands. To test this vulnerability, Acunetix created a file named cache/acunetix.
Remediation
  • Upgrade to the latest version of phpThumb.
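
An added example, not part of the original advisory or phpThumb's own code: a Python audit that finds phpThumb copies bundled under a web root, flags versions 1.7.9 and below, and reports a leftover cache/acunetix file from the scanner's test. It assumes the version is declared as $phpthumb_version in phpthumb.class.php and that cache/ sits beside that file; the sample tree built in demo() is constructed.

```python
import os
import re
import tempfile

# Assumption: phpthumb.class.php declares the version as
#   var $phpthumb_version = '<version>-<build timestamp>';
VERSION_RE = re.compile(r"\$phpthumb_version\s*=\s*['\"](\d+(?:\.\d+)*)")
LAST_VULNERABLE = (1, 7, 9)  # from the advisory: 1.7.9 and below


def parse_version(source):
    """Return the declared version as a tuple of ints, or None."""
    m = VERSION_RE.search(source)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_vulnerable(version):
    """Unknown versions count as vulnerable so they get reviewed by hand."""
    return version is None or version <= LAST_VULNERABLE


def audit(root):
    """Return one finding per phpThumb copy found under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if "phpthumb.class.php" not in files:
            continue
        with open(os.path.join(dirpath, "phpthumb.class.php"), encoding="latin-1") as fh:
            version = parse_version(fh.read())
        # Marker file left by the scanner's test (location relative to phpThumb assumed).
        marker = os.path.join(dirpath, "cache", "acunetix")
        findings.append({"path": os.path.relpath(dirpath, root),
                         "version": version, "vulnerable": is_vulnerable(version),
                         "scanner_marker": os.path.isfile(marker)})
    return sorted(findings, key=lambda f: f["path"])


def demo():
    """Constructed sample tree: one affected bundled copy, one newer copy."""
    root = tempfile.mkdtemp()
    for sub, ver in (("app/lib/phpThumb", "1.7.9-000000000000"),
                     ("shop/phpThumb", "1.7.10-000000000000")):
        d = os.path.join(root, sub)
        os.makedirs(os.path.join(d, "cache"))
        with open(os.path.join(d, "phpthumb.class.php"), "w") as fh:
            fh.write("<?php\nclass phpthumb {\n  var $phpthumb_version = '%s';\n}\n" % ver)
    open(os.path.join(root, "app/lib/phpThumb/cache/acunetix"), "w").close()
    return audit(root)
```

Run audit() against the real document root; any finding with "vulnerable" set needs the upgrade, and a "scanner_marker" hit should be removed once the copy is patched.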