Description
Many third-party applications bundle phpThumb(), a PHP library that uses GD to generate image thumbnails (JPEG, PNG, GIF, BMP and others) on the fly and stores the results in a cache directory. phpThumb() versions 1.7.9 and earlier contain a command injection vulnerability that lets a remote attacker execute arbitrary shell commands on the web server. To confirm the vulnerability without causing damage, Acunetix created a marker file named cache/acunetix on the target.
Remediation
Upgrade to the latest version of phpThumb.
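The advisory leaves the defender with two concrete checks: whether the deployed phpThumb build is at or below 1.7.9, and whether the cache directory already holds non-image files such as the cache/acunetix marker. The script below is an added example written for this page, not Acunetix's or phpThumb's own code. It assumes that the phpThumb source declares its version in an assignment of the form `phpthumb_version = '1.7.9...'` (this is an assumption about the source layout, so adjust the regex to your copy), and it builds a constructed sample cache in a temporary directory so it can run stand-alone.

```python
import re
import tempfile
from pathlib import Path

# Magic bytes for the image formats phpThumb writes to its cache.
IMAGE_MAGIC = (
    b"\xff\xd8\xff",          # JPEG
    b"\x89PNG\r\n\x1a\n",     # PNG
    b"GIF87a", b"GIF89a",     # GIF
    b"BM",                    # BMP
)

# Assumed pattern of the version assignment inside the phpThumb source.
VERSION_RE = re.compile(r"phpthumb_version\s*=\s*['\"](\d+)\.(\d+)\.(\d+)")
LAST_VULNERABLE = (1, 7, 9)


def is_image(head: bytes) -> bool:
    """True if the first bytes of a file match a known image format."""
    return any(head.startswith(magic) for magic in IMAGE_MAGIC)


def find_suspicious_cache_files(cache_dir) -> list:
    """Return cache files (relative paths) whose content is not image data.

    A thumbnail cache should only contain images; anything else, such as the
    cache/acunetix marker from a scan or a dropped script, is worth a look.
    """
    root = Path(cache_dir)
    suspicious = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        with open(path, "rb") as fh:
            head = fh.read(8)
        if not is_image(head):
            suspicious.append(path.relative_to(root).as_posix())
    return sorted(suspicious)


def version_is_vulnerable(source_text: str):
    """Parse the phpThumb version string and compare it against 1.7.9.

    Returns True for <= 1.7.9, False for newer releases, None if not found.
    """
    match = VERSION_RE.search(source_text)
    if match is None:
        return None
    version = tuple(int(part) for part in match.groups())
    return version <= LAST_VULNERABLE


def demo() -> list:
    """Build a constructed sample cache and scan it; returns the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        cache = Path(tmp) / "cache"
        cache.mkdir()
        # Two legitimate thumbnails (constructed headers only).
        (cache / "thumb1.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        (cache / "thumb2.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
        # The scanner's marker file and a stray text file (constructed).
        (cache / "acunetix").write_bytes(b"")
        (cache / "notes.txt").write_bytes(b"not an image")
        return find_suspicious_cache_files(cache)


if __name__ == "__main__":
    print("non-image cache files:", demo())
    sample_src = "class phpthumb {\n  public $phpthumb_version = '1.7.9-200805132119';\n"
    print("vulnerable version:", version_is_vulnerable(sample_src))
```

Run it against a real installation by pointing `find_suspicious_cache_files` at the web root's cache directory and `version_is_vulnerable` at the contents of the phpThumb class file; a True result or any non-image cache entry is the cue to upgrade and to review access logs for that host.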