MidnightBSD

Advisories for binarymoon

CVE-2014-4663 MEDIUM

TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the src parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
binarymoon timthumb 2.8.13
binarymoon wordthumb 1.07