Description
TimThumb is a small PHP script for cropping, zooming and resizing web images (JPG, PNG, GIF). Many WordPress themes and plugins distribute this script. A remote code execution vulnerability was reported in the WebShot feature of this script. The vulnerability was reported in v2.8.13, but previous versions are also vulnerable.
The TimThumb script is exploitable only if the WebShot feature is enabled. By default, WebShot is disabled.
Remediation
Upgrade to the latest version of TimThumb, or disable the WebShot feature if it is enabled.
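One way to check a web root for the condition this advisory describes, as an added example (not TimThumb's or the advisory's own code): a Python script that locates TimThumb copies, reads their version define, and reports whether WebShot is turned on. The define() names VERSION and WEBSHOT_ENABLED, the idea that renamed copies still contain the string "timthumb", and treating versions up to 2.8.13 as affected are assumptions drawn from the upstream script's layout and this advisory, not facts stated on the page.

```python
import re
import sys
from pathlib import Path

# Constructed sample of a TimThumb header with WebShot switched on, embedded
# so the script runs offline. The define() layout mirrors the upstream script
# (an assumption, not text quoted from the advisory).
SAMPLE_TIMTHUMB = """<?php
// TimThumb script
define ('VERSION', '2.8.13');
if(! defined('WEBSHOT_ENABLED') )  define ('WEBSHOT_ENABLED', true);
"""

VERSION_RE = re.compile(
    r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([^'\"]+)['\"]\s*\)", re.I)
WEBSHOT_RE = re.compile(
    r"define\s*\(\s*['\"]WEBSHOT_ENABLED['\"]\s*,\s*(true|false)\s*\)", re.I)
LAST_AFFECTED = (2, 8, 13)  # per the advisory: 2.8.13 and earlier


def version_tuple(version: str) -> tuple:
    """'2.8.13' -> (2, 8, 13) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def assess_timthumb(source: str) -> dict:
    """Extract version and WebShot state; at_risk means both conditions hold."""
    version_match = VERSION_RE.search(source)
    version = version_match.group(1) if version_match else None
    webshot_match = WEBSHOT_RE.search(source)
    # Upstream default is disabled, so a missing define counts as False.
    webshot = bool(webshot_match) and webshot_match.group(1).lower() == "true"
    # Unknown version is treated as outdated so it is surfaced for review.
    outdated = version is None or version_tuple(version) <= LAST_AFFECTED
    return {"version": version, "webshot_enabled": webshot,
            "at_risk": webshot and outdated}


def scan_tree(root: Path) -> list:
    """Walk all .php files; themes often rename timthumb.php, so match on content."""
    findings = []
    for path in root.rglob("*.php"):
        text = path.read_text(errors="replace")
        if "timthumb" not in text.lower():
            continue
        result = assess_timthumb(text)
        result["path"] = str(path)
        findings.append(result)
    return findings


if __name__ == "__main__":
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    for finding in scan_tree(root):
        print(finding)
```

Run it against a WordPress document root; any finding with at_risk True is a copy to upgrade or reconfigure.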