WordPress.org


Timthumb Vulnerability Scanner
Always finds 2 vulnerable files (10 posts)

  1. Wil
    Member
    Posted 2 years ago #

    I always get the error message
    "2 vulnerable Timthumb files found. Fix them here."

    The files are:
    /wp-content/plugins/timthumb-vulnerability-scanner/cg-tvs-filescanner.php
    /wp-content/plugins/timthumb-vulnerability-scanner/class-cg-tvs-filescanner.php

    Fixing them produces the following further error:
    File cg-tvs-filescanner.php at /wp-content/plugins/timthumb-vulnerability-scanner/cg-tvs-filescanner.php successfully upgraded.

    File class-cg-tvs-filescanner.php at /wp-content/plugins/timthumb-vulnerability-scanner/class-cg-tvs-filescanner.php successfully upgraded.
    A TimThumb error has occured
    The following error(s) occured:

    No image specified

    Query String : page=cg-timthumb-scanner
    TimThumb version : 2.8.5

    http://wordpress.org/extend/plugins/timthumb-vulnerability-scanner/

  2. ktaylor
    Member
    Posted 2 years ago #

    I have this issue also.
    I tried to update them, received the errors and then the scanner no longer worked. So I removed it and reinstalled it.

    These files are from the actual scanner and I am hoping they are ok but it still doesn't look good on the dashboard!

  3. Peter Butler
    Member
    Plugin Author

    Posted 2 years ago #

    Hey Guys -

    Sorry about the mess! I'm guessing this is because you're working on Windows servers - the plugin should ignore its own files, but on Windows servers, it had trouble with that. I've just released an update that fixes the issue on Windows servers, so you should be set moving forward.

    Thanks!

  4. Wil
    Member
    Posted 2 years ago #

    Hi Peter,

    Nope it's not just due to Windows servers. This is happening on my Linux hosted sites.

    Cheerz,
    Wil.

  5. Peter Butler
    Member
    Plugin Author

    Posted 2 years ago #

    Hey Wil -

    That's baffling. Do you, by chance, have a nonstandard wp-content location?

  6. Wil
    Member
    Posted 2 years ago #

    Nope, bog standard LAMP and out-of-the-box WP.

    It's hosted under Blacknight.com.

    Cheerz,
    Wil.

  7. markwatson
    Member
    Posted 2 years ago #

    I ran timthumb on my Linux site yesterday, as I'd done a few times before, this time it crashed the site, giving

    "A TimThumb error has occured
    The following error(s) occured:

    No image specified"

    when trying to view it, necessitating restoring a backup (in the absence of any idea of how to otherwise fix!)

    I've now got the red message telling me that there are 2x vulnerabilities, one from my woothemes newspress theme, and one from the connections pro plugin.

    Any suggestion what's happening here?

    M

  8. Peter Butler
    Member
    Plugin Author

    Posted 2 years ago #

    Mark, what's likely happened is: The scanner plugin tried to fix itself (it flagged itself as a vulnerable timthumb plugin, because of the code in the plugin to find the plugin). This broke the plugin, which broke your site.

    Unfortunately, I haven't been able to nail down why this is happening. If you're comfortable with it, I'd love to help you sort out the problem, as well as figure out exactly why it's happening - if you're interested, get in touch with me at peter@codegarage.com.

    Thanks!

  9. markwatson
    Member
    Posted 2 years ago #

    pinged you an email

  10. Radek Kucera
    Member
    Posted 2 years ago #

    "That's baffling. Do you, by chance, have a nonstandard wp-content location?"

    I do, I renamed the wp-content. Any ideas?
    Thanks :)
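
Posts 3 and 8 describe a signature scanner matching its own source, and posts 3 and 10 raise Windows servers and a renamed wp-content directory. As an added example (not the plugin's code; the thread never establishes the actual cause), this is one way a PHP scanner can skip its own directory by comparing canonicalized paths rather than a fixed path string. The marker string, function names and sample tree are assumptions constructed for illustration.

```php
<?php
// Added illustration; the marker and all names below are hypothetical.
const MARKER = 'TimThumb version';

// Canonical form: symlinks and ".." resolved, "/" separators, no trailing slash.
function canonical_path(string $path): ?string {
    $real = realpath($path);
    if ($real === false) { return null; }
    $real = rtrim(str_replace('\\', '/', $real), '/');
    // Windows paths compare case-insensitively, so fold case there.
    return DIRECTORY_SEPARATOR === '\\' ? strtolower($real) : $real;
}

// True when canonical $file lies inside canonical $dir.
function is_inside(string $file, string $dir): bool {
    return strncmp($file, $dir . '/', strlen($dir) + 1) === 0;
}

// Return PHP files under $root containing MARKER, skipping everything in $selfDir.
function scan_for_marker(string $root, string $selfDir): array {
    $self = canonical_path($selfDir);
    $hits = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $info) {
        if (!$info->isFile() || strtolower($info->getExtension()) !== 'php') {
            continue;
        }
        $path = canonical_path($info->getPathname());
        if ($path === null || ($self !== null && is_inside($path, $self))) {
            continue; // unresolvable path, or one of the scanner's own files
        }
        $body = file_get_contents($info->getPathname());
        if ($body !== false && strpos($body, MARKER) !== false) {
            $hits[] = $path;
        }
    }
    sort($hits);
    return $hits;
}

// Constructed sample tree with a renamed content directory ("content").
$tmp = sys_get_temp_dir() . '/tvs-demo-' . uniqid();
mkdir("$tmp/content/plugins/scanner", 0777, true);
mkdir("$tmp/content/themes/demo", 0777, true);
file_put_contents("$tmp/content/plugins/scanner/filescanner.php", "<?php // finds '" . MARKER . "'\n");
file_put_contents("$tmp/content/themes/demo/thumb.php", "<?php // " . MARKER . " (sample)\n");
print_r(scan_for_marker($tmp, "$tmp/content/plugins/scanner"));
```

Inside a plugin, `$selfDir` would be `__DIR__`, which stays correct when wp-content is renamed or moved. Only the sample theme file is reported; the scanner's own file contains the marker but is skipped.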

Topic Closed

This topic has been closed to new replies.
