Main Vulnerability Database Exploits ID:10693 - Exploit for Code Injection in Dompdf - CVE-2022-28368

ID:10693 - Exploit for Code Injection in Dompdf - CVE-2022-28368

Published: October 25, 2024

Vulnerability identifier: #VU72315

Vulnerability risk: High

CVE-ID: CVE-2022-28368

CWE-ID: CWE-94

Exploitation vector: Remote access

Vulnerable software:
Dompdf

Link to public exploit:

https://www.exploit-db.com/exploits/51270/

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation when handling "src:url" field of an @font-face Cascading Style Sheets (CSS) statement inside an HTML input file. A remote attacker can link a malicious .php file and execute it on the system with installed Dompd when converting HTML to PDF.

Successful exploitation of the vulnerability can allow an attacker to compromise the affected system.

Remediation

Install updates from vendor's website.

ID:10693 - Exploit for Code Injection in Dompdf - CVE-2022-28368

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human