The 2012 Pwnie Nominee For Best Server-Side Bug

WordPress Timthumb Plugin ‘timthumb’ Cache Directory Arbitrary File Upload Vulnerability (CVE-2011-4106)

Credit: Mark Maunder

Here’s a tip from some old hands at this game: if the software is named after the author’s first name, it is likely INSECURE AS ALL HELL. This design error is a case in point. Download files from attacker-specified URLs into a cache directory inside the webroot? Sounds like a great idea to me.