Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Steven

    (@shazahm1hotmailcom)

    The simple solution is not to use the scanner. Connections already has the secured version of TimThumb.

    Connections 0731 doesn’t have the latest timthumb 2.8.11. Also, the vulnerability scanner shows that connections.php is vulnerable.

    I upgraded to the latest timthumb, but I don’t know why connections.php is vulnerable.

    Plugin Author Steven

    (@shazahm1hotmailcom)

    @vest24

    Connections has version 2.8.10 r215 which is secured. TimThumb 2.8.11 r216 was just released a few days ago. It does not contain any security-related fixes … just a comment fix, a better handling of PNG files with transparency and a check for a redirect in the image path. The connections.php file is likely flagged because it mentions timthumb.php in the code comments. It is not advisable that you use its auto fix function as it breaks Connections by overwriting the connections.php file with the timthumb.php file.

    @shazahm1 – Why not get with the author of that plugin to be whitelisted if there is no vulnerability?

  • The topic ‘[Plugin: Connections] TimThumb Vulnerability’ is closed to new replies.