Omnispace Agora Project File Upload Vulnerability Allowing Code Execution via Imagick Library

Vulnerability

A file upload vulnerability has been identified in the Omnispace Agora Project, affecting versions prior to 25.10. This vulnerability allows attackers to execute code through the MSL engine of the Imagick library. The issue arises from the improper handling of PDF files uploaded via the file upload and thumbnail functions.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server.

Reproduction

To reproduce this vulnerability, upload a crafted PDF file that exploits the Imagick library's MSL engine. Once the file is uploaded, the thumbnail generation process will trigger the execution of the embedded PHP code.

Remediation

Users are advised to update to version 25.10 or later. Additionally, ImageMagick should be configured to disable MSL execution by adding a policy rule that denies all rights to the MSL coder.
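A way to audit a policy file for the rule described above, as an added example that is not part of the original advisory or of the Agora Project code. It uses ImageMagick's documented policy syntax (a coder-domain rule with rights="none" and pattern="MSL"). The sample policies are constructed, and the checker assumes that the last matching coder rule is the effective one and that patterns are case-sensitive globs.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Constructed sample policies (not taken from any real host).
HARDENED = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="MSL"/>
</policymap>"""

WEAK = """<policymap>
  <policy domain="coder" rights="none" pattern="{PS,EPS}"/>
  <policy domain="coder" rights="read|write" pattern="*"/>
</policymap>"""


def _patterns(pattern):
    # Expand a simple "{A,B}" list; anything else is used as a single glob.
    if pattern.startswith("{") and pattern.endswith("}"):
        return [p.strip() for p in pattern[1:-1].split(",")]
    return [pattern]


def coder_rights(policy_xml, coder="MSL"):
    """Return the rights string of the last coder rule matching `coder`,
    or None when no rule mentions it (so no explicit deny is in place)."""
    effective = None
    for rule in ET.fromstring(policy_xml).iter("policy"):
        if rule.get("domain", "").lower() != "coder":
            continue
        globs = _patterns(rule.get("pattern", ""))
        # Assumption: a later matching rule overrides an earlier one.
        if any(fnmatch.fnmatchcase(coder, g) for g in globs):
            effective = rule.get("rights", "").lower()
    return effective


def msl_denied(policy_xml):
    # True only when the effective rule for MSL grants no rights at all.
    return coder_rights(policy_xml) == "none"


if __name__ == "__main__":
    for name, doc in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, "MSL denied:", msl_denied(doc))
```

Feed it the contents of the policy.xml that the server's ImageMagick installation actually loads; a result of False means the MSL coder is still permitted and the rule needs to be added.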

Added: Jan 15, 2026, 4:21 PM
Updated: Jan 15, 2026, 4:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 10.0
exploitability: 5.6
remediation: 7.7
relevance: 2.0
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.