Vulnerability in TimThumb.php Script and How to Update It
A few days ago I talked about an error with the TimThumb.php script that did not allow it to display thumbnails properly because of a permissions issue. I just learned today that the entire PHP script has some vulnerabilities. For this reason, if you are using TimThumb.php in WordPress or any other platform like Drupal, then you must update the script to protect yourself from this vulnerability.
Follow these steps to easily update the TimThumb.php script in WordPress.
1) Log into your WordPress Admin control panel by going to http://www.yourdomain.com/wp-admin. Replace ‘yourdomain.com’ with your actual domain name.
2) Go to Appearance
3) Click on Editor
4) On the right side of the screen, click on TimThumb.php and it will load into the editor window. The latest version as of September 1, 2011 is version 2.0. If you are not using version 2.0, you need to replace it.
5) Right-click in the editor window and click on Select All
6) Press the Delete key on the keyboard, or right-click and choose Delete, to remove the entire script.
7) Open a new window in your browser and go to the following site
8) Copy this code by right-clicking on the page and choosing Select All, then right-click again and choose Copy.
9) Now go back to your WP-admin window in your browser
10) Right-click in the editor window and choose Paste
11) Click Update File at the bottom of the Editor window
12) It may take several minutes to update the file; just be patient and wait.
13) Once it's updated, you are finished. The TimThumb.php script is now updated and safe from this particular vulnerability.
Continue to update any other WordPress blogs, or other sites that use TimThumb.php.
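To find which copies still need the steps above, the following added example (not part of the original post or of the TimThumb project) walks a directory tree, locates every timthumb.php and flags any that declare a version below 2.0. It assumes the script states its version in a `define('VERSION', ...)` line; the sample files and their version strings are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

MIN_VERSION = (2, 0)  # version the article names as current on September 1, 2011
# Assumption: the script declares its version as define('VERSION', 'x.y');
VERSION_RE = re.compile(r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"](\d+(?:\.\d+)*)['"]""")

def parse_version(source):
    """Return the declared version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(source)
    if m is None:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (2 - len(parts))  # treat "2" as "2.0"

def audit(root):
    """Classify every timthumb.php under root (file name matched case-insensitively)."""
    findings = []
    for path in Path(root).rglob("*"):
        if not (path.is_file() and path.name.lower() == "timthumb.php"):
            continue
        version = parse_version(path.read_text(encoding="utf-8", errors="replace"))
        if version is None:
            status = "UNKNOWN"    # no version line found: inspect this copy by hand
        elif version < MIN_VERSION:
            status = "OUTDATED"   # replace it as described in the steps above
        else:
            status = "OK"
        findings.append((path.relative_to(root).as_posix(), status))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree: three themes, each bundling its own copy."""
    samples = {"themes/old/timthumb.php": "<?php define ('VERSION', '1.19');",
               "themes/new/scripts/TimThumb.php": "<?php define ('VERSION', '2.0');",
               "themes/odd/timthumb.php": "<?php // version line stripped"}
    for rel, body in samples.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, status in audit(tmp):
            print(f"{status:9} {rel}")
```

To check a real site, call `audit()` with the path to the web root or the `wp-content` directory instead of the sample tree.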