Welcome to WebmasterWorld Guest from 22.214.171.124
Forum Moderators: phranque
A large number of websites are vulnerable to a simple attack that allows hackers to execute malicious code hidden inside booby-trapped images.
The vulnerability resides in ImageMagick, a widely used image-processing library that's supported by PHP, Ruby, NodeJS, Python, and about a dozen other languages. Many social media and blogging sites, as well as a large number of content management systems, directly or indirectly rely on ImageMagick-based processing so they can resize images uploaded by end users. ImageMagick Vulnerabilities Put Many Websites at Risk [arstechnica.com]
They haven't issued any patches, but they did suggest website administrators add several lines of code to configuration files to block at least some of the possible exploits.