CVE-2026-27895

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. Prior to version 9.5, the PDF export component does not correctly validate uploaded file extensions. This way any file type including .php files can be uploaded. With...

CVE-2020-36944 ILIAS Learning Management System 4.3 - SSRF

ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file contents when the portfolio is exported to...

CVE-2020-36867

Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. User-supplied values used in the PDF generation pipeline or the wrapper that invokes offline/pdf helper utilities were insufficiently validated or improperly escaped,...

PT-2022-6323 · Canonical · Ubuntu

Name of the Vulnerable Software and Affected Versions: Mahara versions 21.04 through 21.04.6 Mahara versions 21.10 through 21.10.4 Mahara versions 22.04 through 22.04.2 Mahara version 22.10.0 Description: The vulnerability exists due to the lack of protection of the web page structure in the PDF...

CVE-2021-36202

CVE-2021-36202 describes a Server-Side Request Forgery (SSRF) in Johnson Controls Metasys’ MUI PDF export feature. An authenticated attacker could inject malicious code via this export path. Affected products are Metasys ADS/ADX/OAS versions prior to 10.1.5 and versions prior to 11.0.2. Mitigatio...