
323 matches found

OSV
added 2022/05/17 5:29 a.m., 17 views

GHSA-48R9-4V93-X4WH DOMPDF Remote File Inclusion Vulnerability

PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the input_file parameter...

CVSS 7.5, AI score 8.8, EPSS 0.05367
Exploits: 1, References: 7
GitHub Security Blog
added 2022/05/14 2:53 a.m., 20 views

DOMPDF Arbitrary File Read

dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the...

CVSS 6.8, AI score 6.4, EPSS 0.39374
Exploits: 6, References: 6, Affected Software: 1
OSV
added 2022/05/14 2:53 a.m., 15 views

GHSA-QR6Q-W4GJ-3865 DOMPDF Arbitrary File Read

dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the...

CVSS 6.8, AI score 8.4, EPSS 0.39374
Exploits: 6, References: 6
Veracode
added 2022/04/04 7:50 a.m., 35 views

Remote Code Execution (RCE)

Dompdf is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of the font type via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement within an HTML input file...

CVSS 9.8, AI score 1.5, EPSS 0.82438
Exploits: 8, References: 5, Affected Software: 1
OSV
added 2022/04/04 12:0 a.m., 379 views

GHSA-X752-QJV4-C4HC Remote code injection in dompdf/dompdf

Dompdf is an HTML to PDF converter. Dompdf before 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement within an HTML input file...

CVSS 9.8, AI score 9.5, EPSS 0.82438
Exploits: 8, References: 11
GitHub Security Blog
added 2022/04/04 12:0 a.m., 48 views

Remote code injection in dompdf/dompdf

Dompdf is an HTML to PDF converter. Dompdf before 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement within an HTML input file...

CVSS 9.8, AI score 9.3, EPSS 0.82438
Exploits: 8, References: 10, Affected Software: 1
ATTACKERKB
added 2022/04/03 3:15 a.m., 3 views

CVE-2022-28368

Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement within an HTML input file...

CVSS 9.8, AI score 6.4, EPSS 0.82438
Exploits: 8, References: 9
NVD
added 2022/04/03 3:15 a.m., 19 views

CVE-2022-28368

Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement within an HTML input file...

CVSS 9.8, EPSS 0.82438
Exploits: 8, References: 7
OSV
added 2022/04/03 3:15 a.m., 18 views

CVE-2022-28368

Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement within an HTML input file...

CVSS 9.8, AI score 9.6
Exploits: 0, References: 7
Prion
added 2022/04/03 3:15 a.m., 23 views

Input validation

Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement within an HTML input file...

CVSS 7.5, AI score 9.5, EPSS 0.82438
Exploits: 8, References: 7, Affected Software: 1
UbuntuCve
added 2022/04/03 3:15 a.m., 30 views

CVE-2022-28368

Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement within an HTML input file...

CVSS 9.8, AI score 7.8, EPSS 0.82438
Exploits: 8, References: 9
Cvelist
added 2022/04/03 12:0 a.m., 43 views

CVE-2022-28368

Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement within an HTML input file...

AI score 9.9, EPSS 0.82438
Exploits: 8, References: 7
CNNVD
added 2022/04/03 12:0 a.m., 9 views

Dompdf Cross-Site Scripting Vulnerability

Dompdf is an HTML to PDF converter. A cross-site scripting vulnerability exists in Dompdf version 1.2.1 that allows remote code execution via a .php file in the src:url field of an @font-face cascading style sheet (CSS) statement...

CVSS 9.8, AI score 8.8, EPSS 0.82438
Exploits: 8, References: 8
CVE
added 2022/04/03 12:0 a.m., 177 views

CVE-2022-28368

Dompdf 1.2.1 is vulnerable to remote code execution through a .php file placed in the src:url field of an @font-face CSS rule within an HTML input. The issue arises in the cached font handling, allowing an attacker to execute arbitrary PHP when the font cache is processed. Multiple public referen...

CVSS 9.8, AI score 9.5, EPSS 0.82438
Exploits: 8, References: 7, Affected Software: 1
Debian CVE
added 2022/04/03 12:0 a.m., 56 views

CVE-2022-28368

Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement within an HTML input file...

CVSS 9.8, AI score 9.7, EPSS 0.82438
Exploits: 8
Positive Technologies
added 2022/04/03 12:0 a.m., 8 views

PT-2022-18977 · Dompdf · Dompdf

Name of the Vulnerable Software and Affected Versions: Dompdf versions prior to 1.2.1
Description: The issue allows remote code execution via a .php file in the src field of an @font-face Cascading Style Sheets (CSS) statement within an HTML input file. This is general information about the issue...

CVSS 9.8, AI score 9.5, EPSS 0.82438
Exploits: 8, References: 17
Friends Of PHP
added 2022/03/24 1:59 p.m., 30 views

Remote code injection via remote fonts

Dompdf is an HTML to PDF converter. Dompdf before 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement within an HTML input file...

CVSS 9.8, AI score 9.5, EPSS 0.82438
Exploits: 8, Affected Software: 1
BDU FSTEC
added 2022/03/18 12:0 a.m., 8 views

The vulnerability of the PHP library for generating PDF documents from HTML markup and CSS styles, Dompdf, allows a hacker to execute arbitrary code.

The vulnerability of the PHP library for generating PDF documents from HTML markup and CSS styles, Dompdf, is related to the lack of protective measures for the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 7.2, AI score 5.9
Exploits: 0, References: 4, Affected Software: 1
The Hacker News
added 2022/03/16 1:14 p.m., 45 views

Unpatched RCE Bug in dompdf Project Affects HTML to PDF Converters

Researchers have disclosed an unpatched security vulnerability in "dompdf," a PHP-based HTML to PDF converter, that, if successfully exploited, could lead to remote code execution in certain configurations. "By injecting CSS into the data processed by dompdf, it can be tricked into storing a...

AI score 0.1
Exploits: 0
Huntr
added 2022/01/02 5:58 a.m., 32 views

Server-Side Request Forgery (SSRF) in dompdf/dompdf

Description: DomPDF uses file_get_contents to obtain HTTP files when allow_url_fopen is "On". On default contexts, file_get_contents will redirect whenever served with a 302 response. When developers use DomPDF with isRemoteEnabled set to "true" and allow_url_fopen set to "true", but restrict IP addresses...

CVSS 4.3, AI score 4.6, EPSS 0.00953
Exploits: 1