Vulnerability Details
Basic Information
| Title | Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Imagemagick |
|---|---|
| Type | githubexploit |
| Published | 2025-05-02T21:31:39 |
| Last Seen | 2025-05-03T03:03:45 |
| CVSS Score | 6.5 (MEDIUM) |
CVSS v3 Details
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | NONE |
| Availability Impact | NONE |
CVE Information
| CVE IDs | CVE-2022-44268 |
|---|---|
| CWE | |
| Bulletin Family | exploit |
Description
# CVE-2022-44268 Arbitrary File Read PoC – PNG generator
This is a proof of concept of the ImageMagick bug discovered by https://www.metabaseq.com/imagemagick-zero-days/
This is an automated tool for the Pilgrimage HackTheBox challenge.
This is a fork of https://git.rotfl.io/v/CVE-2022-44268.
Tested on ImageMagick v. 7.1.0-48 and 6.9.11-60
## How to use
### Clone the project
`git clone https://github.com/katseyres2/CVE-2022-44268-pilgrimage`
### Run the project
`bash main.sh /etc/passwd`
Impact Assessment
| Base Score | 6.5 |
|---|---|
| Severity | MEDIUM |