CVE-2018-17057

CRITICAL

TCPDF < 6.2.22 - Remote Code Execution via PHAR Deserialization

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-17057. PoC published by q3rv0.

AI-analyzed exploit summary: This exploit leverages a deserialization vulnerability in LimeSurvey < 3.16 via the TCPDF library's use of the 'phar://' wrapper to achieve remote code execution. It authenticates, uploads a malicious PHAR file, and triggers deserialization through a PDF export function.

Description

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

Exploits (1)

exploitdb · Working PoC
by q3rv0 · tags: python, webapps, php
https://www.exploit-db.com/exploits/46634

Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: LimeSurvey < 3.16
Authentication: required
Prerequisites: Valid credentials for LimeSurvey · Network access to the target · PHP environment with PHAR support
Analyzed by devstral-2 on Feb 16, 2026

References (7)

Core References
Mailing List, Third Party Advisory (fulldisclosure): http://seclists.org/fulldisclosure/2019/Mar/36
Third Party Advisory, VDB Entry, Exploit (exploit-db): https://www.exploit-db.com/exploits/46634/

Scores

CVSS v3: 9.8
EPSS: 0.5213
EPSS Percentile: 98.0%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-502 (Deserialization of Untrusted Data)
Status: published
Products (6)
fooman/tcpdf 0 - 6.2.22 (Packagist)
la-haute-societe/tcpdf 0 - 6.2.22 (Packagist)
limesurvey/limesurvey < 3.16.0
spoonity/tcpdf 0 - 6.2.22 (Packagist)
tecnick/tcpdf < 6.2.22
tecnickcom/tcpdf 0 - 6.2.22 (Packagist)
Published: Sep 14, 2018
Tracked Since: Feb 18, 2026