漏洞描述
ImageMagick是一款使用量很广的图片处理程序,很多厂商都调用了这个程序进行图片处理,包括图片的伸缩、切割、水印、格式转换等等。GraphicsMagick(ImageMagick的一个分支版本)1.3.24之前版本和ImageMagick的blob.c文件中的‘OpenBlob’函数中存在安全漏洞。远程攻击者可借助文件名开始的‘|’字符利用该漏洞执行shell代码。
GraphicsMagick 1.3.24 远程命令执行 (CVE-2016-5118)
PoC代码
暂无相关漏洞推荐
- POC CVE-2020-15081: PrestaShop < 1.7.6.6 - Information Exposure via Upload Directory
- POC CVE-2020-9314: Oracle iPlanet Web Server 7.0.x - Image Injection
- POC CVE-2021-21246: OneDev < 4.0.3 - User Access Token Leak
- POC CVE-2021-22881: Ruby on Rails - Open Redirect via Host Header Injection
- POC CVE-2022-0188: CMP WordPress < 4.0.19 - Broken Access Control
- POC CVE-2022-41697: Ghost CMS - User Enumeration
- POC CVE-2022-4223: pgAdmin < 6.17 - Unauthenticated Remote Code Execution
- POC CVE-2025-11580: PowerJob List - Authorization Bypass
- POC CVE-2025-13418: Responsive Pricing Table <= 5.1.12 - Cross-Site Scripting
- POC CVE-2025-27817: Apache Kafka Client - Arbitrary File Read
- POC CVE-2025-56520: Dify v1.6.0 - Server-Side Request Forgery
- POC CVE-2025-66516: Apache Tika - XML External Entity Injection
- POC CVE-2025-8110: Gogs <= 0.13.3 - Remote Code Execution