Description

File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted PDF file to the file upload and thumbnail functions.

Related CPE's

a

agora-project

agora-project

Vulnerable

References

https://www.agora-project.net

Product

https://www.helx.io/blog/advisory-agora-project/

Third Party Advisory

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-434

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2026-01-15T16:16:11.977Z

1 month ago

Last modified

2026-01-21T14:42:07.337Z

1 month ago