CVE-2019-25729 in PDF Signerinfo

Summary

by MITRE • 06/04/2026

PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie parameter. Attackers can craft malicious cookie values containing template injection payloads like shell_exec() to execute system commands and retrieve sensitive information from the server.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

VulnCheck

Reservation

06/04/2026

Disclosure

06/04/2026

Moderation

accepted

Entry

VDB-368316

CPE

ready

CWE

CWE-352 (confirmed)

Exploit

Download

CVSS

9.8 (CNA)

EPSS

0.00000

KEV

Activities

very low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2019-25729
NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-25729
CVE Details	https://www.cvedetails.com/cve/CVE-2019-25729/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!