dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-04-28T00:00:00
Updated: 2024-08-06T10:14:25.879Z
Reserved: 2014-03-13T00:00:00
Link: CVE-2014-2383
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-04-28T14:09:06.707
Modified: 2024-11-21T02:06:11.160
Link: CVE-2014-2383
Redhat
No data.