Arbitrary Command Execution in TimThumb and WordThumb with Webshot Enabled
CVE-2014-4663 · MEDIUM Severity
CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allow remote attackers to execute arbitrary commands via shell metacharacters in the src parameter.
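A log-triage check for the condition described above, added here as an example and not taken from the advisory or from either project: it flags access-log requests to the thumbnail script whose decoded src value contains shell metacharacters. The script file names, the webshot query flag name, the combined log format and the sample lines are assumptions or constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed script names; themes often ship the file renamed, so adjust per install.
SCRIPT = re.compile(r"/(?:tim|word)?thumb\.php$", re.I)
# Request target from a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Shell metacharacters an image URL in src should not contain after decoding.
# Triage heuristic: '&' can appear in a legitimate nested query string.
SHELL_META = re.compile(r"[;&|`$(){}<>\\\s]")


def suspicious_requests(log_lines):
    """Return (client, decoded src, webshot flag present, metacharacters) per hit."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not SCRIPT.search(url.path):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        for src in params.get("src", []):
            found = sorted(set(SHELL_META.findall(src)))
            if found:
                # "webshot" as the query flag name is an assumption, not from the advisory.
                hits.append((line.split()[0], src, "webshot" in params, found))
    return hits


# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jul/2014:10:00:00 +0000] "GET /wp-content/themes/x/'
    'timthumb.php?src=http://img.example/a.jpg$(id)&webshot=1 HTTP/1.1" 400 0',
    '203.0.113.9 - - [01/Jul/2014:10:00:05 +0000] "GET /wp-content/themes/x/'
    'timthumb.php?src=http://img.example/a.jpg&w=100 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jul/2014:10:00:09 +0000] "GET /wp-content/plugins/y/'
    'wordthumb.php?webshot=1&src=http%3A%2F%2Fimg.example%2Fb.png%3Bid HTTP/1.1" 400 0',
    '198.51.100.8 - - [01/Jul/2014:10:00:12 +0000] "GET /index.php?src=a%3Bb HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A hit shows that the request pattern was attempted, not that a command ran; whether the host was exposed depends on the installed version and on Webshot being enabled.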