CVEs-PoC/2021/CVE-2021-3902.md at 9fdf63f72aaf69c2cfcdf003f210c221cc422aaa

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-15 11:48:07 +02:00

Files

T

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

Description

An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to false. It allows attackers to perform SSRF, disclose internal image files, and cause PHAR deserialization attacks.

POC

Reference

No PoCs from references.

Github

https://github.com/20142995/nuclei-templates
https://github.com/cyb3r-w0lf/nuclei-template-collection

1.1 KiB Raw Blame History

CVE-2021-3902

Description

POC

Reference

Github

1.1 KiB

Raw Blame History