QwikSec

Security Database

CVE

CWE

Training

CVE-2014-2383

Published: Apr 28, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/

https://github.com/dompdf/dompdf/commit/23a693993299e669306929e3d49a4a1f7b3fb028

20140423 CVE-2014-2383 - Arbitrary file read in dompdf

mailing-list

20140423 CVE-2014-2383 - Arbitrary file read in dompdf

mailing-list

https://explore.avertium.com/resource/lfi-rfi-escalation-to-rce

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.