Remote code execution vulnerability in ImageMagick
ImageMagick is popular image processing software. Recently, the software has been reported to have a remote code execution vulnerability, CVE-2016–3714.
This vulnerability allows attackers to run arbitrary code on the target server by uploading a maliciously crafted image file. It has been confirmed that certain well-known applications, such as WordPress, are affected by this vulnerability because ImageMagick is widely used.
ImageMagick <= 6.9.3-9
How to fix or mitigate
Use Alibaba Cloud Security web application firewall to intercept attack code of the vulnerability.
Download the latest installation package from the official website and install it on your local computer.
Note: Before you fix the vulnerability, create a server snapshot, which can be used for restoration if fixing the vulnerability fails.