Vulnerability Name:

CVE-2011-4106

Assigned:2011-10-18
Published:2013-10-26
Updated:2013-10-28
Summary:TimThumb (timthumb.php) before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache directory, as exploited in the wild in August 2011.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.0 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)
4.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-20
References:Source: CONFIRM
Type: PATCH
http://code.google.com/p/timthumb/issues/detail?id=212

Source: MISC
Type: UNKNOWN
http://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/

Source: MISC
Type: PATCH
http://markmaunder.com/2011/08/02/technical-details-and-scripts-of-the-wordpress-timthumb-php-hack/

Source: CONFIRM
Type: UNKNOWN
http://www.binarymoon.co.uk/2011/08/timthumb-2/

Source: EXPLOIT-DB
Type: UNKNOWN
17602

Source: EXPLOIT-DB
Type: UNKNOWN
17872

Source: MLIST
Type: UNKNOWN
[oss-security] 20111103 Re: CVE request: wordpress plugin timthumb before 2.0 remote code execution

Source: XF
Type: UNKNOWN
timthumb-cache-file-upload(68981)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:binarymoon:timthumb:1.99:*:*:*:*:*:*:*

  • Denotes that component is vulnerable
    BACK
    binarymoon timthumb 1.99