Every CVE whose affected-product data names Binarymoon Timthumb, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2011-4106 — CVSS 6.8 (medium): TimThumb (timthumb.php) before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload…
CVE-2014-4663 — CVSS 6.8 (medium): TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allows remote attackers to execute arbitrary commands via shell…
CVE-2009-5142 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products…
CVE-2010-5302 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb before 1.15 as of 20100908 (r88), as used in multiple products, allows…
CVE-2010-5303 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the displayError function in timthumb.php in TimThumb before 1.15 (r85), as used in multiple…