Published: 25/09/2022 Updated: 21/11/2022

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

registerFont in FontMetrics.php in Dompdf prior to 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dompdf project dompdf

🐍 Python Exploit for CVE-2022-46169

CVE-2022-41343 🐍 Python Exploit for CVE-2022-46169 Staged Reverse Shell for Cacti <= 1222 Example cve-2022-46169 1010145 44444 -u cactihtb Usage usage: cve-2022-46169 [-h] -u URL [-s SHELL] ip port positional arguments: ip Shell Callback IP Address/Host port Shell Callback Po

🐍 Python Exploit for CVE-2022-23935

CVE-2022-41343 🐍 Python Exploit for CVE-2022-41343 Staged Reverse Shell for dompdf < 201 Based on: Positive Sec's write-up and PoC Example cve-2022-41343 1010163 44444 Usage usage: cve-2022-41343 [-h] [-l SERVER_PORT] [-s SHELL] [-n FONT_NAME] ip port positional arguments: ip Shell Callback IP Add

Get the questions/answers from a H5P quiz

h5p_quiz Get the questions/answers from a H5P quiz How? Copy/paste this into your console (F12) from (for example) module1 eval or module2 eval : var myWindow = windowopen("", "", "width=800,height=600"); for (const question of JSONparse(H5PIntegrationcontents[Objectkeys(H5PIntegrationcontents)]jsonContent)questions) { myWindowdocument

CWE-552 https://github.com/dompdf/dompdf/releases/tag/v2.0.1 https://github.com/dompdf/dompdf/issues/2994 https://github.com/dompdf/dompdf/pull/2995 https://tantosec.com/blog/cve-2022-41343/https://nvd.nist.gov https://github.com/BKreisel/CVE-2022-46169

CVE-2022-41343

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect