Vendor: TCPDF
By: Unknown
CVSS: 9 (CRITICAL)
CWE: Arbitrary Code Execution
Product Name: TCPDF
Affected Version From: Versions prior to TCPDF 4.9.006
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-Unknown
CPE: a:tcpdf_project:tcpdf
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Arbitrary Code Execution in TCPDF

TCPDF is prone to a security weakness that may allow attackers to execute arbitrary code. An attacker can exploit this issue in conjunction with other latent vulnerabilities to execute arbitrary code with the privileges of the webserver.

Mitigation:

Upgrade to TCPDF version 4.9.006 or later.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/39315/info

TCPDF is prone to a security weakness that may allow attackers to execute arbitrary code.

An attacker can exploit this issue in conjunction with other latent vulnerabilities to execute arbitrary code with the privileges of the webserver.

Versions prior to TCPDF 4.9.006 are vulnerable. 

<tcpdf method="Rect" params=");echo `id`;die(" />