CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-3838

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0950%
EPSS Percentile9.29th
Published2024年11月15日
Last Modified2024年11月19日

Vulnerability Description

DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution, especially when DOMPdf is used with frameworks with documented POP chains like Laravel or vulnerable developer code.

Affected Platforms (CPE)

📦
Dompdf Project

Dompdf

< 2.0.0

References & Advisories

🔗 https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a
🔗 https://huntr.com/bounties/0bdddc12-ff67-4815-ab9f-6011a974f48e

相關漏洞威脅

CVE-2014-50138.8

DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383.

CVE-2014-62357.5

Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via ...

CVE-2010-48797.5

PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote attackers to execute arbitrary PHP code ...

CVE-2013-07247.5

PHP remote file inclusion vulnerability in includes/generate-pdf.php in the WP ecommerce Shop Styling plugin for WordPress before ...