-
MODX Staff
- 2,502 Posts
It has recently come to our attention that phpThumb (all versions) contains an unpatched vulnerability.
The application is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input to the ’fltr[]’ parameter in the ’phpThumb.php’ script.
Attackers can exploit this issue to execute arbitrary commands in the context of the webserver.
Note that successful exploitation requires ’ImageMagick’ to be installed.
phpThumb() 1.7.9 is affected; other versions may also be vulnerable.
If you are using phpThumb on any of your sites either as part of a plugin or standalone, you should use the following fix to secure your site:
http://modxcms.com/forums/index.php/topic,54874.msg316279.html#msg316279
Note: This vulnerability does not affect the phpThumb that is included in the MODx Revolution distribution.
Author of zero books. Formerly of many strange things. Pairs well with meats. Conversations are magical experiences. He's dangerous around code but a markup
magician.
Blog ✦
Twitter ✦
LinkedIn ✦
GitHub