Trouble Updating TimThumb after Vulnerability Discovered (4 posts)

  1. Aaress
    Posted 4 years ago #


    I'm trying to update my theme's installation of TimThumb after the news came out that there is a security breach - http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/

    Problem is, when I tried to overwrite the TimThumb.php file with the new code, my site's thumbnails stopped working. Is there something else in that PHP file that I need to change?

    I'm not very familiar with PHP, so I'd appreciate whatever help anyone can provide!

    I've uploaded the code to a pastebin for review.

    New TimThumb.php code: http://pastebin.com/Tb4j24ZX

    Current & Unsecure PHP Code: http://pastebin.com/REUUZMQQ

    Thanks so much!

  2. techfeedlab
    Posted 4 years ago #

    Are you using latest PHP code from the site,
    http://code.google.com/p/timthumb/ ??

    You can try some comments ,http://code.google.com/p/timthumb/issues/detail?id=212

  3. Aaress
    Posted 4 years ago #

    Hi techfeedlab,

    Thanks for your reply. I did try using the latest timthumb code, but that didn't fix the problem. Also, I did check and my site's not set for PHP safe mode.

  4. gamerpops
    Posted 4 years ago #

    I'm having the same problem. I updated the timthumb code on gamerpops.com, and now any articles that were posted before the update will not have their thumbnails show up. Needless to say, this is a huge problem!

Topic Closed

This topic has been closed to new replies.

About this Topic