TimThumb WebShot remote code execution

  • The TimThumb script is exploitable only if the WebShot feature is enabled. By default, WebShot is disabled.

    TimThumb is a small php script for cropping, zooming and resizing web images (jpg, png, gif). Many WordPress themes and plugins distribute this script. A remote code execution vulnerability was reported in the WebShot feature of this script. This vulnerability was reported in v2.8.13 but previous versions are also vulnerable.
  • Upgrade to the latest version of timthumb or disable the WebShot feature (if enabled).