cve/CVE-2014-2383.md at 18943f3353ca1cc3fd2595afa412856465e29c78

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-12-30 04:49:42 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.

POC

Reference

https://explore.avertium.com/resource/lfi-rfi-escalation-to-rce

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/ARPSyndicate/kenzer-templates
https://github.com/DavidePastore/composer-audit
https://github.com/H0j3n/EzpzCheatSheet
https://github.com/Live-Hack-CVE/CVE-2014-2383
https://github.com/Relativ3Pa1n/CVE-2014-2383-LFI-to-RCE-Escalation
https://github.com/nhthongDfVn/File-Converter-Exploit
https://github.com/violinist-dev/symfony-cloud-security-checker

1.2 KiB Raw Blame History

CVE-2014-2383

Description

POC

Reference

Github

1.2 KiB

Raw Blame History