Arbitrary Command Execution in TimThumb and WordThumb with Webshot Enabled

CVE-2014-4663 · MEDIUM Severity

AV:N/AC:M/Au:N/C:P/I:P/A:P

TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allow remote attackers to execute arbitrary commands via shell metacharacters in the src parameter.
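
One way to check web server access logs for requests that match this description, as an added example (not code from TimThumb, WordThumb or this advisory). It assumes combined-format log lines and scripts that keep the file names `timthumb.php` / `wordthumb.php`; the sample lines and the metacharacter set are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Characters a POSIX shell treats specially and that a well-formed image URL
# does not need unencoded. Kept narrow on purpose: '&', '(' and ')' are left
# out because they occur in legitimate nested URLs and file names.
SHELL_META = set("$`;|<>\\\n\r")

# Assumption: the script was not renamed. Extend the pattern for local copies.
SCRIPT_RE = re.compile(r"(timthumb|wordthumb)\.php$", re.I)
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_src(request_target):
    """Return the sorted shell metacharacters found in src, or [] if clean."""
    parts = urlsplit(request_target)
    if not SCRIPT_RE.search(parts.path):
        return []
    found = set()
    # parse_qs percent-decodes values, so %60 and a literal backtick both match.
    for value in parse_qs(parts.query, keep_blank_values=True).get("src", []):
        found |= SHELL_META & set(value)
    return sorted(found)

def scan(lines):
    """Return (line_number, metacharacters) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            meta = suspicious_src(match.group(1))
            if meta:
                hits.append((number, meta))
    return hits

# Constructed sample log lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2014:10:00:00 +0000] "GET /wp-content/themes/t/timthumb.php?src=http://example.com/a.jpg&w=100 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [01/Jul/2014:10:00:05 +0000] "GET /wp-content/themes/t/timthumb.php?src=http://example.com/%60PLACEHOLDER%60 HTTP/1.1" 400 0',
    '203.0.113.5 - - [01/Jul/2014:10:00:09 +0000] "GET /plugins/x/wordthumb.php?src=http://example.com/$PLACEHOLDER%7Cx.jpg HTTP/1.1" 200 0',
    '192.0.2.11 - - [01/Jul/2014:10:01:00 +0000] "GET /index.php?src=%60x%60 HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for number, meta in scan(SAMPLE_LOG):
        print(f"line {number}: src contains {meta}")
```

A hit only shows that a request carried these characters in `src`; whether the host was exposed still depends on the installed version and on Webshot being enabled.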