E19-5oqy1
CVSS:
7.2 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
False Positive:
f
Variants:
20
Year:
2018
Description
This strike emulates a remote code execution via a POP chain attack on PhpBB forum platform.
The vulnerability resides in calling the "file_exists" function with user supplied data when checking the ImageMagick binary path. An authenticated attacker may gain arbitrary code execution by uploading a polyglot JPEG-PHAR file beforehand then setting the ImageMagick path to the polyglot, using the "phar://" prefix.