CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

OSV•added 2022/09/26 12:0 a.m.•27 views

GHSA-6X28-7H8C-CHX4 Dompdf allows remote file inclusion because URI validation failure does not halt font registration

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule...

7.5CVSS7.5AI score0.04057EPSS

Exploits3References9

OSV•added 2022/09/25 7:15 p.m.•18 views

CVE-2022-41343

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule...

7.5CVSS7.5AI score0.04057EPSS

Exploits3References4

Prion•added 2022/09/25 7:15 p.m.•20 views

Remote file inclusion

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule...

5CVSS7.5AI score0.04057EPSS

Exploits3References4Affected Software1

Positive Technologies•added 2022/09/25 12:0 a.m.•5 views

PT-2022-25819 · Dompdf · Dompdf

Name of the Vulnerable Software and Affected Versions: Dompdf versions prior to 2.0.1 Description: The issue allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule. This is related to the registerFont function in...

7.5CVSS7.3AI score0.04057EPSS

Exploits3References19

Cvelist•added 2022/09/25 12:0 a.m.•29 views

CVE-2022-41343

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule...

7.7AI score0.04057EPSS

Exploits3References4

CVE•added 2022/09/25 12:0 a.m.•99 views

CVE-2022-41343

CVE-2022-41343 affects Dompdf before 2.0.1, where registerFont in FontMetrics.php allows remote file inclusion because URI validation fails to stop font registration. Exploit PoCs and Python scripts/staged reverse-shell demos exist (e.g., via @font-face). Impact is remote access to font assets po...

7.5CVSS7.4AI score0.04057EPSS

Exploits3References4Affected Software1

Debian CVE•added 2022/09/25 12:0 a.m.•29 views

CVE-2022-41343

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule...

7.5CVSS7.5AI score0.04057EPSS

Exploits3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by