3 writeups tagged with ImageMagick
ImageMagick policy bypass enables SSRF and local file read to steal credentials. Sudo misconfiguration grants root access.
Flask app path traversal via download endpoint reads arbitrary files including admin credentials. Magick ImageMagick CVE-2024-41817 for root shell.
ImageMagick CVE-2022-44268 arbitrary file read via malicious PNG. SQLite database exposes credentials. Binwalk CVE-2022-4510 for root shell.
