Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

dompdf 0.6.0 Arbitrary File Read Vulnerability

🗓️ 24 Apr 2014 00:00:00Reported by PortcullisType 
zdt
 zdt🔗 0day.today👁 162 Views

Arbitrary file read in dompdf v0.6.0, allows attackers to read local files using crafted argumen

Related
Code
ReporterTitlePublishedViews
Family
Circl		CVE-2014-2383
24 Apr 201400:00
circl
CVE		CVE-2014-2383
28 Apr 201400:00
cve
Cvelist		CVE-2014-2383
28 Apr 201400:00
cvelist
Debian CVE		CVE-2014-2383
28 Apr 201400:00
debiancve
Exploit DB		dompdf 0.6.0 - 'dompdf.php?read' Arbitrary File Read
24 Apr 201400:00
exploitdb
exploitpack		dompdf 0.6.0 - dompdf.php?read Arbitrary File Read
24 Apr 201400:00
exploitpack
Friends Of PHP		PHP remote file inclusion vulnerability in dompdf.php
10 Mar 201421:57
friendsofphp
Friends Of PHP		PHP remote file inclusion vulnerability in dompdf.php
10 Mar 201421:57
friendsofphp
Friends Of PHP		Arbitrary file read in dompdf
10 Mar 201421:57
friendsofphp
Friends Of PHP		Information Disclosure
7 Dec 201500:07
friendsofphp
Rows per page
Vulnerability title: Arbitrary file read in dompdf
CVE: CVE-2014-2383
Vendor: dompdf
Product: dompdf
Affected version: v0.6.0
Fixed version: v0.6.1 (partial fix)
Reported by: Alejo Murillo Moyas
 
Details:
An arbitrary file read vulnerability is present on dompdf.php file that
allows remote or local attackers to read local files using a special
crafted argument. This vulnerability requires the configuration flag
DOMPDF_ENABLE_PHP to be enabled (which is disabled by default).
 
Using PHP protocol and wrappers it is possible to bypass the dompdf's
"chroot" protection (DOMPDF_CHROOT) which prevents dompdf from accessing
system files or other files on the webserver. Please note that the flag
DOMPDF_ENABLE_REMOTE needs to be enabled.
 
Command line interface:
php dompdf.php
php://filter/read=convert.base64-encode/resource=<PATH_TO_THE_FILE>
 
Web interface:
    
http://example/dompdf.php?input_file=php://filter/read=convert.base64-encode/resource=<PATH_TO_THE_FILE>
         
 
Further details at:
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/

#  0day.today [2018-01-05]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
24 Apr 2014 00:00Current
0.1Low risk
Vulners AI Score0.1
EPSS0.5489
dompdfarbitrary file readvulnerabilitycve-2014-2383file readremote attackerslocal attackersphp protocolwrapperbypasschroot protectionenable phpenable remoteconfiguration flagcommand lineweb interface
162