CVE-2014-6235

ke_dompdf < 0.0.3 - Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-6235. PoCs published by RedTeam Pentesting.

AI-analyzed exploit summary: The advisory describes a remote code execution vulnerability in the TYPO3 extension ke_dompdf, where an unprotected examples.php file allows arbitrary PHP code execution via user input. The vulnerability was fixed in the dompdf library in 2010 but persisted in the TYPO3 extension until version 0.0.5.

Description

Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors.

Exploits (1)

exploitdb WRITEUP
by RedTeam Pentesting · text · webapps · php
https://www.exploit-db.com/exploits/35443

Classification: Writeup 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: TYPO3 extension ke_dompdf versions 0.0.3 to 0.0.4
No auth needed
Prerequisites: Access to the vulnerable examples.php file
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/69563
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/95706

Scores

EPSS 0.0557
EPSS Percentile 91.9%

Details

Status published
Products (1)
kennziffer/ke_dompdf < 0.0.3
Published Sep 11, 2014
Tracked Since Feb 18, 2026