
PDF Light Viewer < 1.4.12 - Authenticated Command Injection

Description

The plugin allows users with the Author role to execute arbitrary OS commands on the server via OS command injection when invoking Ghostscript.

PoC

1) Go to Import PDF.
2) Select PDF file.
3) Set compression as 60 | calc | echo
4) Toggle import (the first checkbox)
5) Publish or update
6) Command executes
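
The bug class behind the PoC and its fix, as an added example that is not the plugin's own code: the compression value must be validated as an integer before it reaches the Ghostscript command line, and every argument must be shell-quoted. The function names, the 1-100 range, the file paths and the choice of Ghostscript options are assumptions made for illustration.

```php
<?php
// Added example. Function names, the 1-100 range and the Ghostscript
// options are assumptions, not taken from PDF Light Viewer.

// Vulnerable pattern: the form value is concatenated into a shell string,
// so shell metacharacters in it are interpreted by the shell.
function example_gs_command_unsafe(string $pdf, string $out, string $compression): string
{
    return "gs -dSAFER -dBATCH -dNOPAUSE -sDEVICE=jpeg -dJPEGQ=$compression "
         . "-sOutputFile=$out $pdf";
}

// Hardened pattern: accept only an integer in range, then quote every argument.
function example_gs_command_safe(string $pdf, string $out, $compression): ?string
{
    $quality = filter_var($compression, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 100],
    ]);
    if ($quality === false) {
        return null; // reject the request; do not try to strip characters
    }
    $args = [
        'gs', '-dSAFER', '-dBATCH', '-dNOPAUSE',
        '-sDEVICE=jpeg',
        '-dJPEGQ=' . $quality,
        '-sOutputFile=' . $out,
        $pdf,
    ];
    return implode(' ', array_map('escapeshellarg', $args));
}

// Constructed inputs: a normal value and the value from the PoC above.
foreach (['60', '60 | calc | echo'] as $input) {
    $cmd = example_gs_command_safe('/tmp/in.pdf', '/tmp/page-1.jpg', $input);
    echo var_export($input, true), ' => ', $cmd ?? 'rejected', PHP_EOL;
}
```

Rejecting the request on a failed integer check is deliberate: filtering out "bad" characters and continuing leaves the shell as the final parser of attacker-influenced text.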


Affected Software


CPE Name Name Version
pdf-light-viewer 1.4.12
