WordPress.org

Support

Support » Plugins and Hacks » Timthumb Vulnerability Scanner » [Plugin: Timthumb Vulnerability Scanner] Always finds 2 vulnerable files

[Plugin: Timthumb Vulnerability Scanner] Always finds 2 vulnerable files

  • Wil

    @gravitationalfx

    I always get the error message
    “2 vulnerable Timthumb files found. Fix them here.”

    The files are:
    /wp-content/plugins/timthumb-vulnerability-scanner/cg-tvs-filescanner.php
    /wp-content/plugins/timthumb-vulnerability-scanner/class-cg-tvs-filescanner.php

    Fixing them prouces the following further error:
    File cg-tvs-filescanner.php at /wp-content/plugins/timthumb-vulnerability-scanner/cg-tvs-filescanner.php successfully upgraded.

    File class-cg-tvs-filescanner.php at /wp-content/plugins/timthumb-vulnerability-scanner/class-cg-tvs-filescanner.php successfully upgraded.
    A TimThumb error has occured
    The following error(s) occured:

    No image specified

    Query String : page=cg-timthumb-scanner
    TimThumb version : 2.8.5

    http://wordpress.org/extend/plugins/timthumb-vulnerability-scanner/

Viewing 9 replies - 1 through 9 (of 9 total)
  • I have this issue also.
    I tried to update them, recieved the errors and then the scanner no longer worked. So I removed it and reinstalled it.

    These files are from the actual scanner and I am hoping they are ok but it still doesn’t look good on the dashboard!

    Plugin Author Peter Butler

    @peterebutler

    Hey Guys –

    Sorry about the mess! I’m guesing this is because you’re working on Windows servers – the plugin should ignore its own files, but on windows servers, it had trouble with that. Ive just released an up date that fixes the issue on Windows servers, so you should be set moving forward.

    Thanks!

    Wil

    @gravitationalfx

    Hi Peter,

    Nope it’s not just due to Windows servers. This is happening on my Linux hosted sites.

    Cheerz,
    Wil.

    Plugin Author Peter Butler

    @peterebutler

    Hey Wil –

    That’s baffling. Do you, by chance, have a nonstandard wp-content location?

    Wil

    @gravitationalfx

    Nope, bog standard LAMP and out-of-the-box WP.

    It’s hosted under Blacknight.com.

    Cheerz,
    Wil.

    I ran timthumb on my linux site yesterday, as I’d done a few times before, this time it crashed the site, giving

    “A TimThumb error has occured
    The following error(s) occured:

    No image specified”

    when trying to view it, necessitating restoring a backup (in the absence of any idea of how to otherwise fix!)

    I’ve now got the red message telling me that there are 2x vulnerabilities, one from my woothemes newspress theme, and one from the connections pro plugin.

    Any suggestion what’s happening here?

    M

    Plugin Author Peter Butler

    @peterebutler

    Mark, what’s likely happened is: The scanner plugin tried to fix itself (it flagged itself as a vulnerable timthumb plugin, because of the code in teh plugin to find the plugin). This broke the plugin, which broke your site.

    Unfortunately, I havent been able to nail down why this is happening. If you’re comfortable with it, I’d love to help you sort out hte problem, as well as figure out exactly why it’s happening – if you’re interested, get in touch with me at peter@codegarage.com.

    Thanks!

    pinged you an email

    That’s baffling. Do you, by chance, have a nonstandard wp-content location?

    I I do, I renamed the wp-content. Any Ideas?
    Thanks 🙂

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘[Plugin: Timthumb Vulnerability Scanner] Always finds 2 vulnerable files’ is closed to new replies.
Skip to toolbar