323 matches found
GHSA-48R9-4V93-X4WH DOMPDF Remote File Inclusion Vulnerability
PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the inputfile parameter...
DOMPDF Arbitrary File Read
dompdf.php in dompdf before 0.6.1, when DOMPDFENABLEPHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the inputfile parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the...
GHSA-QR6Q-W4GJ-3865 DOMPDF Arbitrary File Read
dompdf.php in dompdf before 0.6.1, when DOMPDFENABLEPHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the inputfile parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the...
Remote Code Execution (RCE)
Dompdf is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of the font type via a .php file in the src:url field of an @font-face Cascading Style Sheets CSS statement within an HTML input file...
GHSA-X752-QJV4-C4HC Remote code injection in dompdf/dompdf
Dompdf is an HTML to PDF converter. Dompdf before 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets CSS statement within an HTML input file...
Remote code injection in dompdf/dompdf
Dompdf is an HTML to PDF converter. Dompdf before 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets CSS statement within an HTML input file...
CVE-2022-28368
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets CSS statement within an HTML input file...
CVE-2022-28368
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets CSS statement within an HTML input file...
CVE-2022-28368
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets CSS statement within an HTML input file...
Input validation
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets CSS statement within an HTML input file...
CVE-2022-28368
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets CSS statement within an HTML input file...
CVE-2022-28368
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets CSS statement within an HTML input file...
Dompdf 跨站脚本漏洞
Dompdf is an HTML to PDF converter. A cross-site scripting vulnerability exists in Dompdf version 1.2.1 that allows remote code execution via a .php file in the src:url field of an @font-face cascading style sheet CSS statement...
CVE-2022-28368
Dompdf 1.2.1 is vulnerable to remote code execution through a .php file placed in the src:url field of an @font-face CSS rule within an HTML input. The issue arises in the cached font handling, allowing an attacker to execute arbitrary PHP when the font cache is processed. Multiple public referen...
CVE-2022-28368
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets CSS statement within an HTML input file...
PT-2022-18977 · Dompdf · Dompdf
Name of the Vulnerable Software and Affected Versions: Dompdf versions prior to 1.2.1 Description: The issue allows remote code execution via a .php file in the src field of an @font-face Cascading Style Sheets CSS statement within an HTML input file. This is a general information about the issue...
Remote code injection via remote fonts
Dompdf is an HTML to PDF converter. Dompdf before 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets CSS statement within an HTML input file...
The vulnerability of the PHP library for generating PDF documents from HTML markup and CSS styles, Dompdf, allows a hacker to execute arbitrary code.
The vulnerability of the PHP library for generating PDF documents from HTML markup and CSS styles, Dompdf, is related to the lack of protective measures for the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Unpatched RCE Bug in dompdf Project Affects HTML to PDF Converters
Researchers have disclosed an unpatched security vulnerability in "dompdf," a PHP-based HTML to PDF converter, that, if successfully exploited, could lead to remote code execution in certain configurations. "By injecting CSS into the data processed by dompdf, it can be tricked into storing a...
Server-Side Request Forgery (SSRF) in dompdf/dompdf
Description DomPDF uses filegetcontents to obtain HTTP files when allowurlfopen is "On". On default contexts, filegetcontents will redirect whenever served with a 302 response. When developers use DomPDF with isRemoteEnabled set to "true" and allowurlfopen set to "true", but restrict IP addresses...