Vulnerability Found in the TimThumb script

I just read on the VaultPress blog that they’ve found a vulnerability in this popular script.

This script is used by a lot of themes and it could be dangerous for your site and your server.

Update

First of all, update to the latest version of the script. Download it here.

Do not allow external

Be sure you have something like this near the first lines of the script:

define ('ALLOW_EXTERNAL', FALSE);

Now change from this:

$allowedSites = array (
    'flickr.com',
    'picasa.com',
    'img.youtube.com',
);

To this, just in case:

$allowedSites = array ();

You should be safe now ;)
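To check every copy of the script bundled with your themes, here is an added example (not part of the original post or of TimThumb itself) that looks for the two settings above in PHP files and reports the ones that still differ. The function names and the sample input are assumptions made for illustration, and the matching is a regex heuristic, not a PHP parser.

```python
import re
from pathlib import Path

# The two settings the post tells you to check.
DEFINE_RE = re.compile(r"define\s*\(\s*['\"]ALLOW_EXTERNAL['\"]\s*,\s*(\w+)\s*\)", re.I)
SITES_RE = re.compile(r"\$allowedSites\s*=\s*array\s*\((.*?)\)\s*;", re.S)
QUOTED_RE = re.compile(r"['\"]([^'\"]+)['\"]")
# Comments are stripped first so a commented-out "fix" does not count.
BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.S)
LINE_COMMENT = re.compile(r"^\s*(//|#).*$", re.M)

def audit_timthumb(php_source):
    """Return findings for one script; an empty list means both settings match the post."""
    src = LINE_COMMENT.sub("", BLOCK_COMMENT.sub("", php_source))
    findings = []
    m = DEFINE_RE.search(src)
    if m is None:
        findings.append("ALLOW_EXTERNAL is not defined")
    elif m.group(1).lower() not in ("false", "0"):
        findings.append("ALLOW_EXTERNAL is " + m.group(1))
    m = SITES_RE.search(src)
    if m:  # an absent $allowedSites is not reported
        hosts = QUOTED_RE.findall(m.group(1))
        if hosts:
            findings.append("$allowedSites still lists: " + ", ".join(hosts))
    return findings

def scan_tree(root):
    """Audit every .php file under root that mentions either setting."""
    report = {}
    for path in Path(root).rglob("*.php"):
        text = path.read_text(errors="replace")
        if "ALLOW_EXTERNAL" in text or "$allowedSites" in text:
            findings = audit_timthumb(text)
            if findings:
                report[str(path)] = findings
    return report

# Constructed sample modelled on the snippets in the post.
SAMPLE_BEFORE = """<?php
define ('ALLOW_EXTERNAL', TRUE);
$allowedSites = array (
    'flickr.com',
    'picasa.com',
    'img.youtube.com',
);
"""

if __name__ == "__main__":
    for finding in audit_timthumb(SAMPLE_BEFORE):
        print(finding)
```

Point `scan_tree` at your themes directory; it searches by content rather than by file name, so renamed copies of the script are found as well.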
