(LiveHacking.Com) – TimThumb, a PHP image-resizing script bundled with many popular WordPress themes, contains a vulnerability that allows a remote attacker to plant arbitrary PHP code on an affected site and have it executed.
The problem is that the script does not properly validate the files it fetches from remote hosts before caching them. By crafting an image file that carries a valid MIME type and appending PHP code to it, an attacker can fool TimThumb into treating the file as a legitimate image, so it is stored in TimThumb's cache directory, where the embedded PHP code can then be executed by requesting the cached file.
All WordPress administrators are advised to:
- determine if any hosted blogs use TimThumb by searching for timthumb.php or thumb.php
- review the blog entry on the issue and apply any updates or workarounds it recommends to mitigate the risk
Mark Maunder, who found the vulnerability, has posted technical details of the hack on his blog.
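The two checks above (find every copy of timthumb.php or thumb.php, and look for "images" that really carry PHP code, as described in the second paragraph) can be scripted. The following is an added example, not code from the LiveHacking article, from Mark Maunder's write-up or from TimThumb itself. The web-root layout, the cache directory path and the sample files are constructed for the demonstration, and the polyglot test (an image signature in the first bytes plus a `<?php` tag anywhere in the file) is a heuristic written here, not TimThumb's own validation logic.

```shell
#!/bin/sh
# Added example for the TimThumb advisory; not code from the article or TimThumb.
# 1. locate TimThumb copies under a WordPress web root
# 2. flag cache files that start with a GIF/JPEG/PNG signature but also contain
#    a PHP open tag (image-with-PHP-appended, as the article describes)
# All paths and sample contents below are constructed for the demo.
set -e

# 1. List TimThumb scripts under the given web root.
find_timthumb() {
    find "$1" -type f \( -name 'timthumb.php' -o -name 'thumb.php' \) 2>/dev/null
}

# 2. Succeed (exit 0) only when a file has an image signature AND a PHP tag.
is_php_polyglot() {
    magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        47494638|ffd8ff*|89504e47) ;;   # "GIF8", JPEG SOI marker, PNG
        *) return 1 ;;                  # no image header: not the case we hunt
    esac
    grep -q -a '<?php' "$1"             # -a: scan binary content as text
}

# Print the path of every polyglot directly inside a cache directory.
scan_cache() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if is_php_polyglot "$f"; then
            echo "PHP code inside image file: $f"
        fi
    done
}

# Constructed sample tree: one TimThumb copy, a cache directory holding a
# clean GIF and a GIF with PHP appended. Prints the temporary root it created.
make_samples() {
    d=$(mktemp -d)
    cache="$d/wp-content/themes/demo/cache"
    mkdir -p "$cache"
    : > "$d/wp-content/themes/demo/timthumb.php"
    printf 'GIF89a;' > "$cache/clean.gif"
    { printf 'GIF89a;'; printf '<?php echo "polyglot"; ?>'; } > "$cache/bad.gif"
    echo "$d"
}

# Usage on the constructed tree (on a real host, pass the actual web root
# and each theme's cache directory instead).
root=$(make_samples)
echo "TimThumb copies under $root:"
find_timthumb "$root"
scan_cache "$root/wp-content/themes/demo/cache"
rm -rf "$root"
```

The signature check alone is not enough: a file that is a valid image in its first bytes is exactly what TimThumb accepted, so the decisive test is the second one, the presence of a PHP tag anywhere in a file that lives in a web-served cache directory. Any hit should be treated as a likely compromise, not just a stray file.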