FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

PivotX -- Remote File Inclusion Vulnerability of TimThumb

Affected packages
pivotx < 2.3.0


VuXML ID e454ca2f-f88d-11e0-b566-00163e01a509
Discovery 2011-08-03
Entry 2011-10-17

The PivotX team reports:

TimThumb domain name security bypass and insecure cache handling. PivotX before 2.3.0 includes a vulnerable version of TimThumb.

If you are still running PivotX 2.2.6, you might be vulnerable to a security exploit that was patched previously. Version 2.3.0 doesn't have this issue, but any older version of PivotX might be vulnerable.


Bugtraq ID 48963