Description
TimThumb is a small PHP script for cropping, zooming and resizing web images (JPG, PNG, GIF). Many WordPress themes and plugins bundle this script. A remote code execution vulnerability was reported in the WebShot feature of this script. The vulnerability was reported against v2.8.13, but earlier versions are also affected.
Remediation
Upgrade to the latest version of TimThumb, or disable the WebShot feature if it is enabled. Since themes and plugins ship their own copies of the script, check every copy on the site, not only the one you installed directly.
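As an added example (not part of this advisory or of TimThumb itself), a Python check a site operator can run over a document root to locate bundled TimThumb copies, read their version, and report whether WebShot is switched on. It assumes the upstream script's `VERSION` and `WEBSHOT_ENABLED` constants and its optional `timthumb-config.php` companion file, and treats every version up to 2.8.13 as affected, as the advisory states.

```python
import os
import re
from typing import Optional, Tuple

# Version named in the advisory; it and everything older are treated as affected.
REPORTED_VERSION = (2, 8, 13)

# Constant names are assumed from the upstream timthumb.php source, not from the advisory.
VERSION_RE = re.compile(r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([\d.]+)['"]""")
WEBSHOT_RE = re.compile(r"""define\s*\(\s*['"]WEBSHOT_ENABLED['"]\s*,\s*(true|false)""", re.I)


def parse_version(src: str) -> Optional[Tuple[int, ...]]:
    # Return TimThumb's VERSION constant as a comparable tuple, or None if absent.
    m = VERSION_RE.search(src)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def webshot_enabled(script_src: str, config_src: str = "") -> bool:
    # timthumb.php only defines WEBSHOT_ENABLED when a config file has not already,
    # so a value from timthumb-config.php takes precedence over the script's default.
    for src in (config_src, script_src):
        m = WEBSHOT_RE.search(src)
        if m:
            return m.group(1).lower() == "true"
    return False  # upstream default when neither file defines it


def assess(script_src: str, config_src: str = "") -> dict:
    # Classify one TimThumb copy; an unreadable version is flagged as outdated for review.
    version = parse_version(script_src)
    outdated = version is None or version <= REPORTED_VERSION
    webshot = webshot_enabled(script_src, config_src)
    return {"version": version, "webshot_enabled": webshot, "outdated": outdated,
            "exploitable": outdated and webshot}  # RCE needs WebShot on an affected version


def scan(root: str) -> list:
    # Walk a document root and assess every timthumb.php (or commonly renamed thumb.php).
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower() not in ("timthumb.php", "thumb.php"):
                continue
            path, cfg_path = os.path.join(dirpath, name), os.path.join(dirpath, "timthumb-config.php")
            script = open(path, encoding="utf-8", errors="replace").read()
            cfg = open(cfg_path, encoding="utf-8", errors="replace").read() if os.path.exists(cfg_path) else ""
            findings.append((path, assess(script, cfg)))
    return findings


# Constructed samples mimicking the relevant lines of a shipped timthumb.php and a theme config.
SAMPLE_SCRIPT = ("<?php\ndefine ('VERSION', '2.8.13');\n"
                 "if(! defined('WEBSHOT_ENABLED') ) define ('WEBSHOT_ENABLED', false);\n")
SAMPLE_CONFIG = "<?php\ndefine ('WEBSHOT_ENABLED', true);\n"

if __name__ == "__main__":
    print(assess(SAMPLE_SCRIPT))                 # outdated, but WebShot off
    print(assess(SAMPLE_SCRIPT, SAMPLE_CONFIG))  # outdated and WebShot on: exploitable
```

Run `scan("/var/www/html")` (path is a placeholder) to list every copy with its classification; anything marked outdated should be upgraded even when WebShot is currently off.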
References
Related Vulnerabilities
WordPress Plugin Advanced Access Manager Arbitrary Code Execution (2.8.2)
Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.6)
WordPress Plugin Woody ad snippets-Insert Header Footer Code, AdSense Ads PHP Code Injection (1.3)
Apache Struts 2 ClassLoader manipulation and denial of service (S2-020)
WordPress Plugin WooCommerce Possible Remote Code Execution (3.4.5)