Thumbnail AutoIndex contains a flaw that may allow an attacker to execute arbitrary PHP code on the server. The application makes use of the 'include' function to include the 'README.html' and 'HEADER.html'. This may become an issue for a provider that offers the application as a service but disallows users to create their own PHP scripts. The flaw will allow such a user to include PHP code in one of the files mentioned above, potentially causing a loss of integrity.
Upgrade to version 2.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.