CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

OSV•added 2022/09/26 12:0 a.m.•25 views

GHSA-6X28-7H8C-CHX4 Dompdf allows remote file inclusion because URI validation failure does not halt font registration

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule...

7.5CVSS7.5AI score0.54023EPSS

Exploits3References9

OSV•added 2022/09/25 7:15 p.m.•13 views

CVE-2022-41343

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule...

7.5CVSS7.5AI score0.54023EPSS

Exploits3References4

Prion•added 2022/09/25 7:15 p.m.•16 views

Remote file inclusion

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule...

5CVSS7.5AI score0.54023EPSS

Exploits3References4Affected Software1

Cvelist•added 2022/09/25 12:0 a.m.•18 views

CVE-2022-41343

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule...

7.7AI score0.54023EPSS

Exploits3References4

Debian CVE•added 2022/09/25 12:0 a.m.•27 views

CVE-2022-41343

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule...

7.5CVSS7.5AI score0.54023EPSS

Exploits3

Positive Technologies•added 2022/09/25 12:0 a.m.•2 views

PT-2022-25819 · Dompdf · Dompdf

Name of the Vulnerable Software and Affected Versions: Dompdf versions prior to 2.0.1 Description: The issue allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule. This is related to the registerFont function in...

7.5CVSS7.3AI score0.54023EPSS

Exploits3References19

CVE•added 2022/09/25 12:0 a.m.•97 views

CVE-2022-41343

CVE-2022-41343 affects Dompdf before 2.0.1, where registerFont in FontMetrics.php allows remote file inclusion because URI validation fails to stop font registration. Exploit PoCs and Python scripts/staged reverse-shell demos exist (e.g., via @font-face). Impact is remote access to font assets po...

7.5CVSS7.4AI score0.54023EPSS

Exploits3References4Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by