vendor:
TCPDF library
by:
Filippo Roncari
7.5
CVSS
HIGH
Object Injection
n/a
CWE
Product Name: TCPDF library
Affected Version From: <= 5.9
Affected Version To: <= 5.9
Patch Exists: NO
Related CWE: n/a
CPE: n/a
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: PHP
n/a
TCPDF library Universal POI Payload to Arbitrary File Deletion
A universal Object Injection payload for vulnerable PHP applications, which make use of TCPDF library, is here shared. The payload abuses the __destruct() magic method of the Tcpdf class defined in tcpdf.php and allows to arbitrary delete files on the filesystem.
Mitigation:
Sanitize user input before passing it to unserialize() function.