Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2014-2383HistoryApr 28, 2014 - 2:09 p.m.
CVE-2014-2383
2014-04-2814:09:00
Debian Security Bug Tracker
security-tracker.debian.org
8
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
72.1%
dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | php-dompdf | < 0.6.1+dfsg-2 | php-dompdf_0.6.1+dfsg-2_all.deb |
| Debian | 11 | all | php-dompdf | < 0.6.1+dfsg-2 | php-dompdf_0.6.1+dfsg-2_all.deb |
| Debian | 10 | all | php-dompdf | < 0.6.1+dfsg-2 | php-dompdf_0.6.1+dfsg-2_all.deb |
| Debian | 999 | all | php-dompdf | < 0.6.1+dfsg-2 | php-dompdf_0.6.1+dfsg-2_all.deb |
| Debian | 13 | all | php-dompdf | < 0.6.1+dfsg-2 | php-dompdf_0.6.1+dfsg-2_all.deb |
Related
patchstack
patchstack
prion
prion
Design/Logic Flaw
2014-04-28 14:09:00
Remote code execution
2020-01-10 06:15:00
wpexploit
wpexploit
Multiple plugins - Unauthenticated Dompdf Local File Inclusion (LFI)
2020-03-24 00:00:00
packetstorm
packetstorm
dompdf 0.6.0 Arbitrary File Read
2014-04-23 00:00:00
ubuntucve
ubuntucve
CVE-2014-2383
2014-04-28 00:00:00
CVE-2014-5013
2020-01-10 00:00:00
zdt
zdt
dompdf 0.6.0 Arbitrary File Read Vulnerability
2014-04-24 00:00:00
exploitpack
exploitpack
dompdf 0.6.0 - dompdf.php?read Arbitrary File Read
2014-04-24 00:00:00
osv
osv
DOMPDF Arbitrary File Read
2022-05-14 02:53:19
DOMPDF Remote Code Execution
2022-05-17 19:57:15
veracode
veracode
Arbitrary File Read
2017-07-18 21:44:37
nuclei
nuclei
Dompdf < v0.6.0 - Local File Inclusion
2021-06-10 09:45:21
wpvulndb
wpvulndb
Multiple plugins - Unauthenticated Dompdf Local File Inclusion (LFI)
2020-03-24 00:00:00
seebug
seebug
dompdf 0.6.0 (dompdf.php, read param) - Arbitrary File Read
2014-07-01 00:00:00
securityvulns
securityvulns
CVE-2014-2383 - Arbitrary file read in dompdf
2014-05-04 00:00:00
github
github
DOMPDF Arbitrary File Read
2022-05-14 02:53:19
DOMPDF Remote Code Execution
2022-05-17 19:57:15
cve
cve
CVE-2014-2383
2014-04-28 14:09:00
CVE-2014-5013
2020-01-10 06:15:00
exploitdb
exploitdb
dompdf 0.6.0 - 'dompdf.php?read' Arbitrary File Read
2014-04-24 00:00:00
debiancve
debiancve
CVE-2014-5013
2020-01-10 06:15:00
friendsofphp
friendsofphp
PHP remote file inclusion vulnerability in dompdf.php
2014-03-10 21:57:58
nessus
nessus
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
72.1%
Related for DEBIANCVE:CVE-2014-2383