daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Auto Generated CVE annotations [Tue Sep 21 10:20:38 UTC 2021] 🤖

patch-1
GitHub Action 2021-09-21 10:20:38 +00:00
parent 005e5060b9
commit 5fa06f52e1
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cves/2014/CVE-2014-2383.yaml
View File

@ -9,6 +9,7 @@ info:
metadata:
win-payload: "/dompdf.php?input_file=C:/windows/win.ini"
unix-payload: "/dompdf.php?input_file=/etc/passwd"
description: "dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter."
requests:
- method: GET