Publish Date: Nov. 9, 2018
SummaryThe Spiceworks Community uses ImageMagick for some image uploads. Vulnerabilities were discovered that could allow an attacker to gain access to most of the Community database or random memory segments.
Who’s Affected?At this time, we do not believe there were any exploits of these vulnerabilities.
DetailsWhen uploading images in some areas of the Community, an attacker could take advantage of an ImageMagick vulnerability that was not properly patched. When this vulnerability with ImageMagick was originally discovered, the Spiceworks Community was updated to prevent any exploits. When the Community database was moved to a different service, though, the preventative measures were not implemented. An attacker could disguise malicious code as specific file types (including images and PDF) and have the...