We’d like to make sure you all know about a serious vulnerability that was recently discovered in a popular image-resizing tool called “timthumb.php”. This affects many WordPress themes and other PHP-driven websites. Read on for technical details and quick instructions on how to keep your sites secure.

 

Who might be affected?

  • Anyone with a PHP-driven website which is running timthumb.php.
  • Many WordPress themes utilize timthumb.php by default.
  • This is not unique to a single web hosting provider.

What does timthumb.php do?

Many developers use “timthumb.php” to resize images to fit their website. It also allows you to pull images from external sites, which is very cool, but there’s a catch: the same feature may allow attackers to upload malicious scripts. In a worst case, this could result in file corruption or even data loss.

Read more here...

 



Friday, August 12, 2011




