Show filters
2 Total Results
Displaying 1-2 of 2
Sort by:
Attacker Value
Unknown

CVE-2014-5013

Disclosure Date: January 10, 2020 (last updated November 28, 2024)
DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2014-2383

Disclosure Date: April 28, 2014 (last updated October 05, 2023)
dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.
0
0