Description
TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allow remote attackers to execute arbitrary commands via shell metacharacters in the src parameter.
References
- https://nvd.nist.gov/vuln/detail/CVE-2014-4663
- https://code.google.com/p/timthumb/issues/detail?id=485
- https://code.google.com/p/timthumb/source/detail?r=219
- http://packetstormsecurity.com/files/127192/TimThumb-2.8.13-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2014/Jul/4
- http://seclists.org/fulldisclosure/2014/Jun/117
- http://seclists.org/oss-sec/2014/q2/689
- http://secunia.com/advisories/59558
- http://www.exploit-db.com/exploits/33851
Related vulnerabilities
nvd
more than 11 years ago
TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allow remote attackers to execute arbitrary commands via shell metacharacters in the src parameter.