CVE-2022-2441

HIGH

ImageMagick Engine < 1.7.5 - Unauthenticated Remote Code Execution via cli_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-2441. PoCs published by ABDO10.

AI-analyzed exploit summary This exploit targets a Remote Code Execution (RCE) vulnerability in the WordPress plugin ImageMagick-Engine version 1.7.4 and below. The vulnerability is exploited via the 'cli_path' parameter in an AJAX request, allowing authenticated users to execute arbitrary commands.

Description

The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site administrator into performing an action such as clicking on a link. This makes it possible for an attacker to create and or modify files hosted on the server which can easily grant attackers backdoor access to the affected server.

Exploits (1)

exploitdb WORKING POC

by ABDO10 · textwebappsphp

https://www.exploit-db.com/exploits/51025

View Code ZIP pw:eip

This exploit targets a Remote Code Execution (RCE) vulnerability in the WordPress plugin ImageMagick-Engine version 1.7.4 and below. The vulnerability is exploited via the 'cli_path' parameter in an AJAX request, allowing authenticated users to execute arbitrary commands.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: WordPress Plugin ImageMagick-Engine <= 1.7.4

Auth required

Prerequisites: Authenticated access to WordPress admin panel · Target plugin installed and activated

MITRE ATT&CK