Main
Vulnerability Database
Exploits
ID:1048 - Exploit for Server Side Request Forgery in ImageMagick - CVE-2016-3718
ID:1048 - Exploit for Server Side Request Forgery in ImageMagick - CVE-2016-3718
Published: March 18, 2020
Vulnerability identifier: #VU5850
Vulnerability risk: High
CVE-ID: CVE-2016-3718
CWE-ID: CWE-918
Exploitation vector: Remote access
Vulnerable software:
ImageMagick
ImageMagick
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to perform server-side forgery attacks and compromise vulnerable application.
The weakness exists due to the failure to properly prevent the disclosure of file contents when processing certain MVG files. A remote attacker can persuade the victim to open specially crafted images using the .mvg file to trick the victim host into performing HTTP requests or opening FTP sessions.
Successful exploitation of this vulnerability may allow an attacker to perform SSRF attack to retrieve information for further attacks against vulnerable system by performing unauthorized connections to local resources, gain access to sensitive information and compromise vulnerable system.
The weakness exists due to the failure to properly prevent the disclosure of file contents when processing certain MVG files. A remote attacker can persuade the victim to open specially crafted images using the .mvg file to trick the victim host into performing HTTP requests or opening FTP sessions.
Successful exploitation of this vulnerability may allow an attacker to perform SSRF attack to retrieve information for further attacks against vulnerable system by performing unauthorized connections to local resources, gain access to sensitive information and compromise vulnerable system.
Remediation
Update to version 6.9.3-10 or 7.0.1-1.