CVE-2014-6235 – TYPO3 Extension ke DomPDF - Remote Code Execution

https://notcve.org/view.php?id=CVE-2014-6235

Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en la extensión ke DomPDF anterior a 0.0.5 para TYPO3 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. The TYPO3 extension ke_dompdf contains a version of the dompdf library including all files originally supplied with it. This includes an examples page, which contains different examples for HTML-entities rendered as a PDF. This page also allows users to enter their own HTML code into a text box to be rendered by the webserver using dompdf. dompdf also supports rendering of PHP files and the examples page also accepts PHP code tags, which are then executed and rendered into a PDF on the server. • https://www.exploit-db.com/exploits/35443 http://typo3.org/extensions/repository/view/ke_dompdf http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010 http://www.securityfocus.com/bid/69563 https://exchange.xforce.ibmcloud.com/vulnerabilities/95706 •