- Multiple vendor applications use phpThumb(), which relies on the GD library to create thumbnails from images (JPEG, PNG, GIF, BMP, etc.) on the fly. phpThumb() versions 1.7.9 and below are vulnerable to command injection, which allows an attacker to execute arbitrary shell commands. To test this vulnerability, Acunetix created a file named cache/acunetix.
- Upgrade to the latest version of phpThumb.
- TimThumb WebShot remote code execution
- Check for Apache versions up to 1.3.25, 2.0.38
- Arbitrary EL Evaluation in RichFaces
- WordPress Plugin Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities (1.5.1)
- WordPress Plugin EZPZ One Click Backup Remote Code Execution (12.03.10)