TCPDF 4.5.036/4.9.5 - 'params' Attribute Remote Code Execution Weakness

2010-04-08T00:00:00
ID EDB-ID:33826
Type exploitdb
Reporter apoc
Modified 2010-04-08T00:00:00

Description

TCPDF 4.5.036/4.9.5 'params' Attribute Remote Code Execution Weakness. Remote exploit for the Linux platform.

                                        
source: http://www.securityfocus.com/bid/39315/info

TCPDF is prone to a security weakness that may allow attackers to execute arbitrary code.

An attacker can exploit this issue in conjunction with other latent vulnerabilities to execute arbitrary code with the privileges of the webserver.

Versions prior to TCPDF 4.9.006 are vulnerable. 

<tcpdf method="Rect" params=");echo `id`;die(" />
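A defensive check for the weakness described above, added here as an example (it is not code from TCPDF or from the original advisory): it audits HTML before it reaches the PDF renderer, lists every tcpdf tag, and flags any whose method is not allowlisted or whose params value is not a plain list of number or string literals. The ALLOWED_METHODS set, the function and class names, and the first sample tag are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: the methods this application legitimately invokes through <tcpdf> tags.
ALLOWED_METHODS = {"Rect", "Line", "AddPage"}

# One literal argument: a number, or a quoted string with no quote or backslash inside.
_LITERAL = r"""(?:-?\d+(?:\.\d+)?|'[^'\\]*'|"[^"\\]*")"""
# A whole params value: empty, or literals separated by commas. Nothing else is accepted.
_ARG_LIST = re.compile(rf"\s*(?:{_LITERAL}\s*(?:,\s*{_LITERAL}\s*)*)?")


class TcpdfTagAuditor(HTMLParser):
    """Collects every <tcpdf> tag together with the reasons to reject it."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names, so <TCPDF ...> is caught too.
        if tag != "tcpdf":
            return
        attr = dict(attrs)
        method = attr.get("method") or ""
        params = attr.get("params") or ""
        reasons = []
        if method not in ALLOWED_METHODS:
            reasons.append("method not allowlisted")
        if not _ARG_LIST.fullmatch(params):
            reasons.append("params is not a plain literal list")
        self.findings.append({"method": method, "params": params, "reasons": reasons})


def audit_html(html):
    """Return one finding per <tcpdf> tag; an empty 'reasons' list means it passed."""
    parser = TcpdfTagAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: one benign tag, then the tag quoted in the advisory (upper-cased).
SAMPLE = (
    "<p>Invoice</p>\n"
    "<tcpdf method=\"Rect\" params=\"10, 10, 40, 20, 'DF'\" />\n"
    "<TCPDF method=\"Rect\" params=\");echo `id`;die(\" />\n"
)

if __name__ == "__main__":
    for finding in audit_html(SAMPLE):
        print(finding)
```

Content that comes from users should normally contain no tcpdf tags at all, so any finding on such input is worth rejecting outright, whatever its reasons list says.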