timthumb.php remote code execution - Vulnerability Database

timthumb.php remote code execution

Description

timthumb.php (TimThumb) is an image resizing script that was bundled with a large number of WordPress themes and plugins, often under a different file name such as thumb.php. Versions prior to 1.34 can fetch images from remote hosts on an allowed-domain list, but the check only verified that an allowed domain name appeared somewhere in the requested hostname, so a host such as blogger.com.attacker.example passed as if it were blogger.com. An attacker can therefore point the src parameter at a server they control, have timthumb download a file that carries PHP code (for example a valid image with PHP appended), and have it written to the timthumb cache directory under a name that the web server executes as PHP. A single request to the cached file then runs the attacker's code with the privileges of the web server user, which in practice means control of the WordPress installation and frequently of the host. This vulnerability has been actively exploited in the wild and is tracked as CVE-2011-4106.

Remediation

Immediately upgrade timthumb.php to version 1.34 or later, which contains the security fixes for this vulnerability.

Steps to remediate:
1. Identify all instances of timthumb.php in your WordPress installation by searching the themes and plugins directories. Search by file content rather than file name, because themes commonly renamed the script (thumb.php, image.php and similar).
2. Download the latest version of timthumb.php from the official repository.
3. Replace all vulnerable instances with the updated version.
4. Before clearing anything, review the contents of each timthumb cache directory (typically cache/ or temp/) for files containing PHP code. A PHP file in the cache indicates a successful exploit; treat it as evidence of compromise and investigate the host, not only the theme.
5. Clear the cache directories once the review is complete.
6. If theme or plugin updates are available that include the patched version, apply those updates instead of manual replacement, so that the next theme update does not reintroduce an old copy.
7. Consider removing timthumb.php entirely if it is no longer needed, as WordPress includes native image resizing functionality. If it must stay, keep remote fetching disabled (in current releases this is the ALLOW_EXTERNAL constant) unless the site genuinely resizes images from other hosts.
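The inventory and cache-review steps above as one audit script, added here as an example; it is not part of the original advisory or of TimThumb itself. It locates copies of the library by content because themes often renamed the file, extracts the version (assuming the upstream define ('VERSION', 'x.yy') form; anything else is reported as "unknown" and treated as vulnerable), flags versions below 1.34, and lists files under any cache/ or temp/ directory that contain a PHP open tag. The directory in the usage line is an assumption.

```shell
#!/bin/sh
# Added example, not part of the advisory or of TimThumb itself: find every
# TimThumb copy under a WordPress tree, report its version against the 1.34
# fix line, and list PHP code sitting in cache/ or temp/ directories.

# Print "path<TAB>version" for each PHP file under $1 that contains the string
# "timthumb". The library was often renamed (thumb.php, image.php), so match
# on content, not on file name.
# Assumption: the version is declared as  define ('VERSION', 'x.yy');  as in
# the upstream file; files without such a line are reported as "unknown".
find_timthumb_instances() {
    find "$1" -type f -name '*.php' -exec grep -li 'timthumb' {} + | sort |
    while IFS= read -r f; do
        ver=$(sed -n "s/.*define *( *'VERSION' *, *'\([^']*\)'.*/\1/p" "$f" | head -n 1)
        printf '%s\t%s\n' "$f" "${ver:-unknown}"
    done
}

# Return 0 (true) when $1 is below 1.34. Only the first two components are
# compared; "unknown" parses as 0.0 and is deliberately treated as vulnerable,
# since an unidentifiable copy must be inspected rather than trusted.
is_vulnerable_version() {
    printf '%s\n' "$1" | awk -F. '{
        maj = $1 + 0; min = $2 + 0
        exit !(maj < 1 || (maj == 1 && min < 34))
    }'
}

# List files under any cache/ or temp/ directory below $1 that contain a PHP
# open tag. A legitimately cached image never does; an image with PHP appended
# (the payload shape used against this bug) does. -a forces text matching on
# binary files.
suspicious_cache_files() {
    find "$1" -type f \( -path '*/cache/*' -o -path '*/temp/*' \) | sort |
    while IFS= read -r f; do
        if grep -aqE '<\?(php|=)' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Human-readable report for one installation directory.
report() {
    find_timthumb_instances "$1" | while IFS="$(printf '\t')" read -r path ver; do
        if is_vulnerable_version "$ver"; then status=VULNERABLE; else status=ok; fi
        printf '%-10s %-8s %s\n' "$status" "$ver" "$path"
    done
    suspicious_cache_files "$1" | while IFS= read -r f; do
        printf 'SUSPICIOUS cache file: %s\n' "$f"
    done
}

# Usage (assumed path): ./timthumb_audit.sh /var/www/html/wp-content
if [ "$#" -gt 0 ]; then
    report "$1"
fi
```

Run it against wp-content before and after the upgrade: the first run gives the list of files to replace and, more importantly, tells you whether the cache already holds a payload; the second run should report every copy as ok and no suspicious cache files.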

After remediation, verify that the vulnerability has been resolved by rescanning your application.
