Skip to main content

Dompdf

8 CVEs product

Monthly

CVE-2023-50262 PHP HIGH POC PATCH This Week

Dompdf is an HTML to PDF converter for PHP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Dompdf
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-24813 PHP CRITICAL POC PATCH Act Now

Dompdf is an HTML to PDF converter written in php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP Deserialization Dompdf
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2023-23924 PHP CRITICAL POC PATCH Act Now

Dompdf is an HTML to PDF converter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP Deserialization Dompdf
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2022-41343 PHP HIGH POC PATCH This Week

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Path Traversal PHP Dompdf
NVD GitHub
CVSS 3.1
7.5
EPSS
4.2%
CVE-2022-2400 PHP MEDIUM POC PATCH This Month

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Dompdf
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2022-0085 PHP MEDIUM POC PATCH This Month

Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Dompdf
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-28368 PHP CRITICAL POC PATCH THREAT Act Now

Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP RCE XSS Dompdf
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
82.4%
CVE-2014-2383 PHP MEDIUM POC PATCH THREAT This Month

dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 54.9%.

PHP Information Disclosure Dompdf
NVD GitHub Exploit-DB VulDB
CVSS 2.0
6.8
EPSS
54.9%
Threat
4.5
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Dompdf is an HTML to PDF converter for PHP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Dompdf
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

Dompdf is an HTML to PDF converter written in php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP Deserialization +1
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

Dompdf is an HTML to PDF converter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP Deserialization +1
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Path Traversal PHP +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Dompdf
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Dompdf
NVD GitHub
EPSS 82% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP RCE XSS +1
NVD GitHub Exploit-DB
EPSS 55% 4.5 CVSS 6.8
MEDIUM POC PATCH THREAT This Month

dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 54.9%.

PHP Information Disclosure Dompdf
NVD GitHub Exploit-DB VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy