CVE-2014-4663

Опубликовано: 15 июл. 2014

Источник: nvd

CVSS2: 6.8

EPSS Средний

Описание

TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the src parameter.

Ссылки

http://packetstormsecurity.com/files/127192/TimThumb-2.8.13-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2014/Jul/4
http://seclists.org/fulldisclosure/2014/Jun/117
http://seclists.org/oss-sec/2014/q2/689
http://secunia.com/advisories/59558
http://www.exploit-db.com/exploits/33851
Exploit
https://code.google.com/p/timthumb/issues/detail?id=485
https://code.google.com/p/timthumb/source/detail?r=219
http://packetstormsecurity.com/files/127192/TimThumb-2.8.13-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2014/Jul/4
http://seclists.org/fulldisclosure/2014/Jun/117
http://seclists.org/oss-sec/2014/q2/689
http://secunia.com/advisories/59558
http://www.exploit-db.com/exploits/33851
Exploit
https://code.google.com/p/timthumb/issues/detail?id=485
https://code.google.com/p/timthumb/source/detail?r=219

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:binarymoon:timthumb:2.8.13:*:*:*:*:*:*:*

cpe:2.3:a:binarymoon:wordthumb:1.07:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.19056

Средний

6.8 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-qmf7-fj73-rx79

github

больше 3 лет назад