ImageMagick vulnerability


How to block exploits via ImageMagick/GraphicsMagick popen() shell vulnerability in web hosting servers

On 29th May, we were alerted to a new ImageMagick vulnerability (not ImageTragick, which we covered earlier) that allows arbitrary code execution on web hosting servers running Apache, Nginx or others, as long as the ImageMagick binary “convert” is accessible to the web server. We confirmed this vulnerability in several Linux web hosting servers, including cPanel, Plesk and DirectAdmin.

How to fix ImageMagick vulnerability (aka ImageTragick) in cPanel, Plesk, DirectAdmin, CentOS, Ubuntu, RedHat, Debian and other Linux servers

On May 3rd, ImageMagick disclosed a serious Remote Code Execution vulnerability (CVE-2016-3714) that allows attackers to execute malware hidden in image uploads. ImageMagick is widely used to process images, and is a part of PHP, Ruby, Node.js, Python and many other language libraries. As of this writing, there are confirmed server hacks using exploits already in the public domain, and it is best to secure your server ASAP.