1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Timthumb Arbitrary File Upload CVE-2011-4106

Web Attack: Timthumb Arbitrary File Upload CVE-2011-4106

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects attempts to exploit an arbitrary file upload vulnerability in Wordpress Timthumb plugin.

Additional Information

WordPress is a PHP-based content manager. Timthumb is a plugin for WordPress.

The application is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application stores uploaded files in a Web accessible temporary cache directory. Also, the application fails to properly validate permitted domains for uploaded files.

An attacker can exploit this issue to upload arbitrary PHP code and run it in the context of the Web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.


  • Versions prior to Timthumb 1.34 are vulnerable.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube