A vulnerability classified as problematic was found in dompdf 0.6.0. This vulnerability affects an unknown code block of the file dompdf.php. The manipulation of the argument php:/filter/read=convertbase64-encode/resource with an unknown input leads to a information disclosure vulnerability. The CWE definition for the vulnerability is CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. As an impact it is known to affect confidentiality. CVE summarizes:

dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.

The weakness was presented 04/28/2014 (Website). The advisory is shared for download at portcullis-security.com. This vulnerability was named CVE-2014-2383 since 03/13/2014. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Technical details and also a public exploit are known. The MITRE ATT&CK project declares the attack technique as T1592.

It is possible to download the exploit at exploit-db.com. It is declared as proof-of-concept. By approaching the search of inurl:dompdf.php it is possible to find vulnerable targets with Google Hacking.

Upgrading to version 0.6.0 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at Exploit-DB (33004).

Productinfo

Name

• dompdf

Version

• 0.6.0

License

• open-source

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion