Vulnerability Deep Dive: Gaining RCE Through ImageMagick With Frans Rosen

This report analyzes a 2018 file-upload vulnerability in Semrush's My Report feature where an unpatched ImageMagick/GhostScript setup allowed PostScript/PDF/EPS files to trigger remote code execution; it includes PoC PostScript payloads that use setpagedevice/OutputFile/%pipe% to spawn a reverse shell, explains the GhostScript safety controls and attack mechanics, and recommends blocking PS/EPS/PDF/XPS coders via policy.xml or running GhostScript with -dSAFER.