Hello,
I would like to report a path manipulation vulnerability.
The path of the vulnerability.
In file system/helpers/dompdf/load_font.php
```php
// line 171
call_user_func_array("install_font_family", array_slice($_SERVER["argv"], 1));
```
line 66
```php
function install_font_family($fontname, $normal, $bold = null, $italic = null, $bold_italic = null) {
  // ...
  $fonts = compact("normal", "bold", "italic", "bold_italic");
  // ...
  // Copy the files to the font directory.
  foreach ($fonts as $var => $src) {
    // ...
    if ( !copy($src, $dest) )
      //...
  }
```
The variable src is coming from $_SERVER["argv"]. Then there is a path manipulation vulnerability.
CVE-2021-43691 is assigned to the discovery.
An unspecified version of tripexpress is affected by a path manipulation vulnerability in file system/helpers/dompdf/load_font.php. The variable src is coming from $_SERVER["argv"] then there is a path manipulation vulnerability.
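One way to constrain the `$src` value before it reaches `copy()`, shown as an added example that is not code from tripexpress or dompdf. The function name `safe_font_copy()`, its allowed-root parameter and the temporary demo files are assumptions made for illustration.

```php
<?php
// Added example, not project code. safe_font_copy() and $allowedRoot are hypothetical.

// Copy a font into $fontDir only if $src canonicalises to a regular
// .ttf/.otf file under $allowedRoot. Returns the destination path.
function safe_font_copy(string $src, string $allowedRoot, string $fontDir): string
{
    $root = realpath($allowedRoot);
    $real = realpath($src);              // resolves "..", symlinks; false if missing
    if ($root === false || $real === false || !is_file($real)) {
        throw new InvalidArgumentException("Font source not found: $src");
    }
    // Trailing separator so that "/fonts-evil" does not match root "/fonts".
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        throw new InvalidArgumentException("Font source outside allowed root: $src");
    }
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    if (!in_array($ext, ['ttf', 'otf'], true)) {
        throw new InvalidArgumentException("Unsupported font type: $src");
    }
    // Destination name comes from the canonical source, never from raw input.
    $dest = rtrim($fontDir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR . basename($real);
    if (!copy($real, $dest)) {
        throw new RuntimeException("Unable to copy '$real' to '$dest'");
    }
    return $dest;
}

// argv is meant to come from a shell: refuse to run under a web SAPI.
if (PHP_SAPI !== 'cli') {
    exit(1);
}

// Constructed demo data: one staged font, one path that climbs out of the root.
$base = sys_get_temp_dir() . '/fontdemo_' . getmypid();
mkdir("$base/incoming", 0700, true);
mkdir("$base/fonts", 0700, true);
file_put_contents("$base/incoming/Demo.ttf", 'constructed placeholder bytes');
file_put_contents("$base/secret.txt", 'not a font');
foreach (["$base/incoming/Demo.ttf", "$base/incoming/../secret.txt"] as $arg) {
    try {
        echo "copied to ", safe_font_copy($arg, "$base/incoming", "$base/fonts"), "\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: ", $e->getMessage(), "\n";
    }
}
```

Run from the command line, the first path is copied and the second is rejected because its canonical form falls outside the allowed root.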