CVE-2014-2383

Published: 28/04/2014 Updated: 02/02/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 686
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

dompdf.php in dompdf prior to 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent malicious users to bypass chroot protections and read arbitrary files via PHP protocol wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource value in the input_file parameter.

Vulnerable Products

dompdf dompdf (vendor: dompdf, product: dompdf)

Vendor Advisories

Debian Bug report logs - #745619 dompdf: CVE-2014-2383: arbitrary file read. Package: php-dompdf; Maintainer for php-dompdf is Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>; Source for php-dompdf is src:php-dompdf (PTS, buildd, popcon). Reported by: Henri Salo <henri@nerv.fi>. Date: Wed, 23 Apr 2014 ...
Debian Bug report logs - #813849 Multiple security issues. Package: php-dompdf; Maintainer for php-dompdf is Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>; Source for php-dompdf is src:php-dompdf (PTS, buildd, popcon). Reported by: David Prévot <taffit@debian.org>. Date: Fri, 5 Feb 2016 23:12:02 U ...

Exploits

Vulnerability title: Arbitrary file read in dompdf. CVE: CVE-2014-2383. Vendor: dompdf. Product: dompdf. Affected version: v0.6.0. Fixed version: v0.6.1 (partial fix). Reported by: Alejo Murillo Moyas. Details: An arbitrary file read vulnerability is present in the dompdf.php file that allows remote or local attackers to read local files using a special craf ...
dompdf version 0.6.0 suffers from an arbitrary file read vulnerability ...

Github Repositories

A composer plugin that checks if your application uses dependencies with known security vulnerabilities (it uses SensioLabs Security Checker)

Warning: This project is not maintained anymore. Since version 2.4.0-RC1, Composer officially supports the audit command that checks for known security vulnerabilities. composer-audit: A composer plugin that checks if your application uses dependencies with known security vulnerabilities (it uses SensioLabs Security Checker). Installation using the composer command: $ composer

CVE-2014-2383 LFI/RFI escalation to RCE. Testing environment: dompdf 0.6.0 - php 7.3.33 - apache 2.4.25. During a security assessment the presence of CVE-2014-2383 was discovered. This document is a proof of concept and does not include the details from the initial discovery in order to protect client privacy. The content in this document does however mimic the environment in whic