New TimThumb vulnerability (0-day)
-
Today, a new TimThumb vulnerability was posted on the Full Disclosure mailing list archives. It allows an attacker to run commands on a server. This is a very serious issue, because a lot of plugins and themes use TimThumb
Ensure that you upgraded your copy of NinjaFirewall to the latest 1.2.2 version in order to remain protected.
Also, note that TimThumb was and is still poorly coded, therefore we strongly recommend to use another alternative.
- The topic ‘New TimThumb vulnerability (0-day)’ is closed to new replies.
