ImageMagick < 6.9.3-9 - Multiple Vulnerabilities

Out of Character
1

ImageMagick allows to process files with external libraries. This
feature is called ‘delegate’. It is implemented as a system() with
command string (‘command’) from the config file delegates.xml with
actual value for different params (input/output filenames etc). Due to
insufficient %M param filtering it is possible to conduct shell command
injection. One of the default delegate’s command is used to handle https
requests:

(link removed by moderator)

2

We’re closing this thread as off-topic and blanking the link. You’re all welcome to discuss the implications of certain real-life exploits or to roleplay about them, but this is just a link to an actual exploit without further context. Feel free to make another thread with a prompt for actual discussion.