9.6 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.9%
tripexpress v1.1 is affected by a path manipulation vulnerability in file system/helpers/dompdf/load_font.php. The variable src is coming from $_SERVER[βargvβ] then there is a path manipulation vulnerability.
github.com/toocool/tripexpress/issues/40