Lucene search
PRIOn knowledge basePRION:CVE-2022-28368HistoryApr 03, 2022 - 3:15 a.m.
Input validation
2022-04-0303:15:00
PRIOn knowledge base
www.prio-n.com
8
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file).
References
packetstormsecurity.com/files/171738/Dompdf-1.2.1-Remote-Code-Execution.html
github.com/dompdf/dompdf/commit/4c70e1025bcd9b7694b95dd552499bd83cd6141d
github.com/dompdf/dompdf/issues/2598
github.com/dompdf/dompdf/pull/2808
github.com/snyk-labs/php-goof
packagist.org/packages/dompdf/dompdf
snyk.io/blog/security-alert-php-pdf-library-dompdf-rce/
Related
cve
cve
CVE-2022-28368
2022-04-03 03:15:08
nvd
nvd
CVE-2022-28368
2022-04-03 03:15:08
github
github
Remote code injection in dompdf/dompdf
2022-04-04 00:00:55
zdt
zdt
Dompdf 1.2.1 - Remote Code Execution Exploit
2023-04-06 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2022-04-04 07:50:43
friendsofphp
friendsofphp
Remote code injection via remote fonts
2022-03-24 13:59:00
ubuntucve
ubuntucve
CVE-2022-28368
2022-04-03 00:00:00
cvelist
cvelist
CVE-2022-28368
2022-04-03 00:00:00
debiancve
debiancve
CVE-2022-28368
2022-04-03 03:15:08
osv
osv
CVE-2022-28368
2022-04-03 03:15:08
Remote code injection in dompdf/dompdf
2022-04-04 00:00:55
packetstorm
packetstorm
Dompdf 1.2.1 Remote Code Execution
2023-04-06 00:00:00
githubexploit
githubexploit
Exploit for Cross-site Scripting in Dompdf Project Dompdf
2023-04-28 09:49:05
Exploit for Cross-site Scripting in Dompdf Project Dompdf
2023-02-13 08:10:00
exploitdb
exploitdb
Dompdf 1.2.1 - Remote Code Execution (RCE)
2023-04-06 00:00:00