Unpatched RCE Bug in dompdf Project Affects HTML to PDF Converters
Researchers have disclosed an unpatched security vulnerability in "dompdf," a PHP-based HTML to PDF converter, that, if successfully exploited, could lead to remote code execution in certain configurations.
"By injecting CSS into the data processed by dompdf, it can be tricked into storing a malicious font with a .php file extension in its font cache, which can later be executed by accessing it
https://thehackernews.com/2022/03/unpatched-rce-bug-in-dompdf-project.html