CVE-2020-21365
HIGHwkhtmltopdf <= 0.12.5 - Path Traversal via Crafted HTML File
Title source: llmExploitation Summary
EIP tracks 3 public exploits for CVE-2020-21365. PoCs published by andrei2308, samaellovecraft.
AI-analyzed exploit summary The provided code is a minimal PHP snippet attempting a file disclosure via a header redirect to 'file:///etc//passwd'. It lacks exploit context or functionality specific to CVE-2020-21365.
Description
Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations.
Exploits (3)
nomisec
STUB
by andrei2308 · poc
https://github.com/andrei2308/CVE-2020-21365
The provided code is a minimal PHP snippet attempting a file disclosure via a header redirect to 'file:///etc//passwd'. It lacks exploit context or functionality specific to CVE-2020-21365.
Classification
Stub 80%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Theoretical
Target:
Unknown (CVE-2020-21365 is unrelated to this code)
No auth needed
Prerequisites:
PHP execution environment
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (2)
Core 2
Core References
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/10/msg00027.html
Exploit, Issue Tracking, Third Party Advisory
https://github.com/wkhtmltopdf/wkhtmltopdf/issues/4536
Scores
CVSS v3
7.5
EPSS
0.0182
EPSS Percentile
76.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (2)
debian/debian_linux
10.0
wkhtmltopdf/wkhtmltopdf
< 0.12.5
Published
Aug 15, 2022
Tracked Since
Feb 18, 2026