Lucene search

GitHub Advisory DatabaseGHSA-48R9-4V93-X4WH

HistoryMay 17, 2022 - 5:29 a.m.

DOMPDF Remote File Inclusion Vulnerability

2022-05-1705:29:50

CWE-94

GitHub Advisory Database

github.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

86.2%

JSON

PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the input_file parameter.

Affected configurations

Vulners

Node

dompdfdompdfRange<0.6.1

CPENameOperatorVersion
dompdf/dompdflt0.6.1

CPE	Name	Operator	Version
	dompdf/dompdf	lt	0.6.1

References

www.exploit-db.com/exploits/14851

github.com/advisories/GHSA-48r9-4v93-x4wh

github.com/dompdf/dompdf/commit/23a693993299e669306929e3d49a4a1f7b3fb028

github.com/dompdf/dompdf/releases/tag/v0.6.2

github.com/dompdf/dompdf/wiki/Securing-dompdf

github.com/FriendsOfPHP/security-advisories/blob/master/dompdf/dompdf/CVE-2010-4879.yaml

nvd.nist.gov/vuln/detail/CVE-2010-4879

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

86.2%

JSON

Related for GHSA-48R9-4V93-X4WH