Timthumb Vulnerability Scanner
2.8 version reported as vulnerable (2 posts)

  1. hopes
    Posted 3 years ago #

    I'm using a Themefuse theme which runs the 2.8 version of the timthumb.php script. The theme developer says the vulnerability is fixed with that version; anyway, running this plugin, it is still reported as vulnerable.
    Is this a false positive?
    Thanks a lot.


  2. Peter Butler
    Plugin Author

    Posted 3 years ago #

    This is sort of a loaded subject. The main vulnerability, which caused all of the issues, is fixed as of version 2 - so version 2.8 is much safer than anything under version 2. However, there was some concern around the way even 2.8 sanitized some input, and it wasn't as secure as it COULD be. That was fixed as of version 2.8.2.

    So: is version 2.8 vulnerable? Not in the way pre-2.0 versions were - however, to be absolutely safe, it's a good idea to be running 2.8.2 or above.
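
The version thresholds from the reply above, turned into a local check over a theme directory. This is an added example, not the plugin's own code; it assumes the script declares its version with a `define('VERSION', ...)` line, and the three status labels are hypothetical.

```python
import re
from pathlib import Path

# Thresholds taken from the plugin author's reply above.
MAIN_FIX = (2, 0, 0)   # main vulnerability fixed as of version 2
HARDENED = (2, 8, 2)   # input sanitization tightened as of 2.8.2

# Assumption: the version appears as define('VERSION', 'x.y.z') in the script.
VERSION_RE = re.compile(
    r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"](\d+(?:\.\d+)*)['"]\s*\)""")

def parse_version(php_source):
    """Return the declared version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(php_source)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def classify(version):
    """Map a version tuple to a status label (labels are hypothetical)."""
    if version is None:
        return "unknown"              # no version line found: review by hand
    v = version + (0,) * (3 - len(version))   # (2, 8) compares as (2, 8, 0)
    if v < MAIN_FIX:
        return "vulnerable"           # pre-2.0: the main vulnerability
    if v < HARDENED:
        return "update-recommended"   # 2.0 up to 2.8.1: weaker sanitization
    return "ok"                       # 2.8.2 or above

def scan_tree(root):
    """Classify every .php file under root whose text mentions timthumb."""
    results = {}
    for path in Path(root).rglob("*.php"):
        text = path.read_text(errors="replace")
        if "timthumb" in text.lower():   # themes often rename the file
            results[str(path.relative_to(root))] = classify(parse_version(text))
    return results

if __name__ == "__main__":
    # Constructed sample header, not copied from any real theme.
    sample = "<?php\n// TimThumb\ndefine ('VERSION', '2.8');\n"
    print(classify(parse_version(sample)))
```

A file that mentions timthumb but carries no version line is reported as `unknown` rather than skipped, so renamed or modified copies still surface for manual review.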

Topic Closed

This topic has been closed to new replies.