Bill@cR0w@infosec.exchange I'm fairly sure there is no one using IM any more.
The last vuln cleaned them out.
cR0w@Sempf@infosec.exchange A lot of people install it on Nextcloud for SVG support. Which is like shooting yourself in both feet but YOLOSEC or something, IDK.
Bill@cR0w@infosec.exchange I can't imagine that a coder worth their salt would even sniff in that direction.
But, on the other hand, I've been around for a while, so my imagination is pretty good.
cR0w@Sempf@infosec.exchange It's not coders though, it's admins. For example, I see this in the Security and Setup Warnings on my Nextcloud servers. How many server admins are going to understand that risk?
Bill@cR0w@infosec.exchange Oh man, I didn't know about that. Any idea what PHP app is asking for that? I think even the PHP folx have started dissuading people from using it.
cR0w@Sempf@infosec.exchange Apparently it's for generating image previews but I don't know the specific app. I don't install it and things work fine, but I don't work with SVGs either so maybe that's where it matters.
Bill@cR0w@infosec.exchange It does have the easiest to use SVG classes, especially for "easy" languages like VB.NET and PHP.