Description

TCPDF is a very popular PHP class for generating PDF documents. A vulnerability was reported in TCPDF versions before 6.2.0. TCPDF has a method called addTTFFont that is used to "Convert and add the selected TrueType or Type1 font to the fonts folder". This method can be abused to read any file from the server and send it to the attacker.

Remediation

Upgrade to the latest version of TCPDF (this issue was patched in TCPDF 6.2.0).

References

Stealing files from web servers by exploiting a popular PDF generator

TCPDF changelog

Related Vulnerabilities

WordPress Plugin WP-Lytebox 'pg' Parameter Local File Inclusion (1.3)

WordPress Plugin Subscribe to Comments Local File Inclusion (2.1.2)

WordPress Plugin Last.fm Rotation Local File Inclusion (1.0)

Http redirect security bypass

PHP unserialize() used on user input

Severity

High

Classification

CWE-98 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Abuse Of Functionality File Inclusion