Pdfding
Monthly
Unauthorized access to password-protected PDFs in PdfDing versions prior to 1.7.0 allows unauthenticated remote attackers to bypass shared-link password verification and retrieve confidential documents via direct file-serving endpoint calls. The vulnerability (CWE-863: Incorrect Authorization) has CVSS 7.5 (High) severity with network attack vector requiring no privileges or user interaction. EPSS data not available; no evidence of active exploitation (not in CISA KEV). Publicly available exploit code exists via GitHub commit demonstrating the bypass mechanism. Vendor-released patch available in version 1.7.0.
PdfDing prior to version 1.7.1 permits authenticated users to bypass access controls on shared PDF documents by accessing content after expiration, view limits, or soft-deletion due to incomplete validation in the check_shared_access_allowed() function. The Serve and Download endpoints rely solely on session existence checks without verifying SharedPdf.inactive or SharedPdf.deleted flags, allowing previously-authorized users to retrieve sensitive content that should no longer be accessible. This authentication bypass affects all versions before 1.7.1 and requires valid authentication credentials to exploit.
Unauthorized access to password-protected PDFs in PdfDing versions prior to 1.7.0 allows unauthenticated remote attackers to bypass shared-link password verification and retrieve confidential documents via direct file-serving endpoint calls. The vulnerability (CWE-863: Incorrect Authorization) has CVSS 7.5 (High) severity with network attack vector requiring no privileges or user interaction. EPSS data not available; no evidence of active exploitation (not in CISA KEV). Publicly available exploit code exists via GitHub commit demonstrating the bypass mechanism. Vendor-released patch available in version 1.7.0.
PdfDing prior to version 1.7.1 permits authenticated users to bypass access controls on shared PDF documents by accessing content after expiration, view limits, or soft-deletion due to incomplete validation in the check_shared_access_allowed() function. The Serve and Download endpoints rely solely on session existence checks without verifying SharedPdf.inactive or SharedPdf.deleted flags, allowing previously-authorized users to retrieve sensitive content that should no longer be accessible. This authentication bypass affects all versions before 1.7.1 and requires valid authentication credentials to exploit.