TCPDF arbitrary file read

Description

TCPDF is a widely used PHP library for generating PDF documents. A vulnerability was reported in TCPDF versions before 6.2.0. TCPDF has a method called addTTFFont that is used to "Convert and add the selected TrueType or Type1 font to the fonts folder". An attacker who can influence the font path given to this method can abuse it to read any file the PHP process can access on the server and have its contents sent back to the attacker.
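The defensive control a practitioner would want alongside the upgrade is to never let a request parameter reach addTTFFont as a raw path. The following is an added example, not TCPDF's own code: a small wrapper that confines a user-supplied font name to an application-controlled fonts directory and only then calls TCPDF_FONTS::addTTFFont. It assumes TCPDF 6.x with its TCPDF_FONTS class autoloaded, PHP 7.1 or later, and that both the fonts directory and the output directory are fixed by the application; the font names in the demo loop are constructed inputs.

```php
<?php
declare(strict_types=1);

// Added example (not TCPDF code). Assumes TCPDF 6.x is autoloaded and that
// $fontsDir / $outDir are chosen by the application, never by the user.
require_once __DIR__ . '/vendor/autoload.php';

final class FontPathGuard
{
    // A bare file name with an allowed font extension: no separators, no "..",
    // no leading dot, no ':' (so php://, phar://, data: wrappers cannot appear).
    private const NAME_PATTERN = '/^[A-Za-z0-9][A-Za-z0-9_.-]*\.(ttf|otf|pfb)$/i';

    /**
     * Resolve a user-supplied font name to a real file inside $fontsDir.
     * Returns the canonical path or throws; never returns a path outside $fontsDir.
     */
    public static function resolve(string $requested, string $fontsDir): string
    {
        if (strpos($requested, "\0") !== false || !preg_match(self::NAME_PATTERN, $requested)) {
            throw new InvalidArgumentException('font name must be a bare file name');
        }

        $base = realpath($fontsDir);
        if ($base === false || !is_dir($base)) {
            throw new RuntimeException('fonts directory does not exist');
        }

        // realpath() resolves symlinks, so a link inside the fonts directory that
        // points at /etc/passwd still fails the prefix check below.
        $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
        if ($candidate === false || !is_file($candidate)) {
            throw new RuntimeException('font file not found');
        }

        $prefix = $base . DIRECTORY_SEPARATOR;
        if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
            throw new RuntimeException('font file escapes the fonts directory');
        }
        return $candidate;
    }

    /**
     * Convert a font that passed resolve() and return the TCPDF font name.
     * $outDir is where addTTFFont writes the generated font definition, so it is
     * pinned by the application as well.
     */
    public static function addFont(string $requested, string $fontsDir, string $outDir): string
    {
        $path = self::resolve($requested, $fontsDir);
        $fontName = TCPDF_FONTS::addTTFFont($path, 'TrueTypeUnicode', '', 32, rtrim($outDir, '/') . '/');
        if ($fontName === false) {
            throw new RuntimeException('TCPDF could not convert the font');
        }
        return $fontName;
    }
}

// Constructed inputs for illustration: only a plain name inside the fonts
// directory gets as far as TCPDF; traversal and wrapper strings are rejected
// before any file is opened.
$fontsDir = __DIR__ . '/fonts';
foreach (['DejaVuSans.ttf', '../../../etc/passwd', 'php://filter/resource=/etc/passwd', '.hidden.ttf'] as $name) {
    try {
        $resolved = FontPathGuard::resolve($name, $fontsDir);
        echo "accepted: {$name} -> {$resolved}\n";
    } catch (Throwable $e) {
        echo "rejected: {$name} ({$e->getMessage()})\n";
    }
}
```

The wrapper is defence in depth, not a substitute for the upgrade: it removes the attacker's control over the path that addTTFFont reads, whichever TCPDF version is installed.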

Remediation

Upgrade to TCPDF 6.2.0 or later, preferably the latest release (this issue was patched in TCPDF 6.2.0). Until the upgrade is deployed, ensure that the font path passed to addTTFFont cannot be influenced by untrusted input.

References