Description
TimThumb is a small PHP script for cropping, zooming and resizing web images (JPG, PNG, GIF). Many WordPress themes and plugins distribute this script. A remote code execution vulnerability was reported in the WebShot feature of this script. This vulnerability was reported in v2.8.13, but previous versions are also vulnerable.
Remediation
Upgrade to the latest version of TimThumb, or disable the WebShot feature if it is enabled.
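Because TimThumb is bundled by many themes and plugins, a site can contain several copies at different versions, and the remediation has to be checked per copy. The following audit script is an added example (it is not part of the advisory and not TimThumb's own code) that walks a WordPress install, finds bundled TimThumb copies, and reports whether each is at or below the reported-vulnerable version and whether WebShot is switched on. It assumes the script declares its version as `define ('VERSION', '...')`, that the WebShot feature is controlled by the `WEBSHOT_ENABLED` constant (off unless defined true), and that an adjacent `timthumb-config.php` may override that constant; verify these against your own copy of the script.

```python
"""Audit a WordPress tree for bundled TimThumb copies (added example, not the
advisory's or TimThumb's own code). Flags copies that are at or below the
reported-vulnerable version and still have the WebShot feature enabled.

Assumptions (check against your copy of timthumb.php):
  * the script declares its version as   define ('VERSION', '2.8.x');
  * WebShot is controlled by the WEBSHOT_ENABLED constant, defaulting to false;
  * an adjacent timthumb-config.php is included first and may override it.
"""
import os
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The advisory reports the issue in v2.8.13 and says earlier versions are also
# vulnerable, so any version at or below this is treated as affected.
LAST_KNOWN_AFFECTED = (2, 8, 13)
CONFIG_NAME = "timthumb-config.php"  # assumed name of the per-site override file

VERSION_RE = re.compile(r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9.]+)['"]""")
WEBSHOT_RE = re.compile(
    r"""define\s*\(\s*['"]WEBSHOT_ENABLED['"]\s*,\s*(true|false)""", re.IGNORECASE
)


@dataclass
class Finding:
    path: str
    version: Optional[Tuple[int, ...]]
    outdated: bool
    webshot_enabled: bool

    @property
    def risky(self) -> bool:
        # Either remediation (upgrade, or disable WebShot) removes the exposure,
        # so only an outdated copy with WebShot on still needs action.
        return self.outdated and self.webshot_enabled


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_timthumb(text: str) -> bool:
    # Heuristic: the script names itself in its header and declares VERSION.
    return "timthumb" in text.lower() and VERSION_RE.search(text) is not None


def webshot_setting(script_text: str, config_text: Optional[str]) -> bool:
    """A define in the config file wins over the fallback define in the script;
    with neither present the feature is treated as off."""
    for source in (config_text, script_text):
        if source:
            m = WEBSHOT_RE.search(source)
            if m:
                return m.group(1).lower() == "true"
    return False


def inspect_script(path: str, script_text: str, config_text: Optional[str]) -> Finding:
    version = parse_version(script_text)
    # An unparseable version is treated conservatively as outdated.
    outdated = version is None or version <= LAST_KNOWN_AFFECTED
    return Finding(path, version, outdated, webshot_setting(script_text, config_text))


def audit_tree(root: str) -> List[Finding]:
    """Walk `root` and inspect every PHP file that looks like a TimThumb copy."""
    findings: List[Finding] = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if not name.endswith(".php") or name == CONFIG_NAME:
                continue
            full = os.path.join(dirpath, name)
            try:
                with open(full, encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
            except OSError:
                continue
            if not is_timthumb(text):
                continue
            cfg_path = os.path.join(dirpath, CONFIG_NAME)
            cfg_text = None
            if os.path.isfile(cfg_path):
                with open(cfg_path, encoding="utf-8", errors="replace") as fh:
                    cfg_text = fh.read()
            findings.append(inspect_script(full, text, cfg_text))
    return findings


if __name__ == "__main__":
    import sys

    for f in audit_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        ver = ".".join(map(str, f.version)) if f.version else "unknown"
        status = "ACTION REQUIRED" if f.risky else ("outdated" if f.outdated else "ok")
        print(f"{status:16} {ver:8} webshot={'on' if f.webshot_enabled else 'off'}  {f.path}")
```

Run it against the WordPress root (for example `python audit_timthumb.py /var/www/html`). Copies reported as `outdated` but with WebShot off are still worth upgrading; those marked `ACTION REQUIRED` match the advisory's affected configuration and should be upgraded or have WebShot disabled first.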