[wp-hackers] New aribtrary code vulnerability in TimThumb (not quite as bad as last time)

Harry Metcalfe harry at dxw.com
Wed Jun 25 11:59:57 UTC 2014


Just a heads-up. If you're using Webshots, you're vulnerable. No new 
version yet.

Here's the report: http://seclists.org/fulldisclosure/2014/Jun/117

And my writeup with instructions for fix: 
http://www.dxw.com/2014/06/timthumb-raises-its-ugly-head-once-again/

Harry

-- 
Harry Metcalfe
07790 559 876
@harrym



More information about the wp-hackers mailing list