phpThumb() fltr[] parameter command injection vulnerability

Description

Multiple vendor applications use phpThumb(), which relies on the GD library to create thumbnails from images (JPEG, PNG, GIF, BMP, etc.) on the fly. phpThumb() versions 1.7.9 and below are affected by a command injection vulnerability in the fltr[] parameter that allows an attacker to execute arbitrary shell commands. To test this vulnerability, Invicti created a file named cache/acunetix.

Remediation

Upgrade to the latest version of phpThumb.
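
To find which copies need the upgrade, the following added example (not Invicti's or phpThumb's own code) walks a web root, reads the version of every bundled phpThumb copy, and reports whether the scanner's cache/acunetix test file is present. It assumes the version is declared as `$phpthumb_version` in phpthumb.class.php and that cache/ sits next to that file; the sample tree and its version strings are constructed.

```python
import os
import re
import tempfile

LAST_VULNERABLE = (1, 7, 9)  # from the page: versions 1.7.9 and below are affected
# Assumption: phpthumb.class.php contains a line like  var $phpthumb_version = '1.7.9-...';
VERSION_RE = re.compile(r"\$phpthumb_version\s*=\s*['\"](\d+)\.(\d+)\.(\d+)")

def audit_phpthumb(root):
    """Return one finding dict per phpThumb copy found under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if "phpthumb.class.php" not in files:
            continue
        path = os.path.join(dirpath, "phpthumb.class.php")
        with open(path, encoding="utf-8", errors="replace") as fh:
            match = VERSION_RE.search(fh.read())
        version = tuple(int(p) for p in match.groups()) if match else None
        findings.append({
            "dir": dirpath,
            "version": version,
            # An unreadable version is treated as vulnerable until checked by hand.
            "vulnerable": version is None or version <= LAST_VULNERABLE,
            # File the scanner creates when its test command actually executed.
            "scanner_artifact": os.path.isfile(os.path.join(dirpath, "cache", "acunetix")),
        })
    return findings

def build_sample_tree(base):
    """Constructed sample web root: an old copy with the artifact and a newer copy."""
    samples = (("old", "1.7.9-constructed", True), ("new", "9.9.9-constructed", False))
    for name, version, artifact in samples:
        lib = os.path.join(base, name, "phpthumb")
        os.makedirs(os.path.join(lib, "cache"))
        with open(os.path.join(lib, "phpthumb.class.php"), "w") as fh:
            fh.write("<?php\nclass phpthumb {\n  var $phpthumb_version = '%s';\n}\n" % version)
        if artifact:
            open(os.path.join(lib, "cache", "acunetix"), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for finding in sorted(audit_phpthumb(tmp), key=lambda f: f["dir"]):
            print(finding)
```

A copy reported with `scanner_artifact` set means the scanner's test command ran on that host, so that file should be deleted after the upgrade.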
