mirror of
https://github.com/0xMarcio/cve.git
synced 2025-12-30 04:49:42 +00:00
CVE-2018-17057
Description
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
POC
Reference
- http://packetstormsecurity.com/files/152200/TCPDF-6.2.19-Deserialization-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/152360/LimeSurvey-Deserialization-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2019/Mar/36
- https://www.exploit-db.com/exploits/46634/
Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AfvanMoopen/tryhackme-
- https://github.com/Tiaonmmn/ccc_2019_web_pdfcreator
- https://github.com/alphaSeclab/sec-daily-2019
- https://github.com/catsecorg/CatSec-TryHackMe-WriteUps
- https://github.com/electronforce/py2to3
- https://github.com/nhthongDfVn/File-Converter-Exploit
- https://github.com/testermas/tryhackme