CVE-2023-23924

CRITICAL

Dompdf <2.0.2 - SSRF via SVG <image> URI validation bypass

Title source: llm

Description

Dompdf is an HTML to PDF converter. In dompdf 2.0.1 and earlier, the URI validation applied to images during SVG parsing can be bypassed by writing the `<image>` tag with uppercase letters. An attacker who can supply an SVG file to dompdf can then make it request an arbitrary URL with an arbitrary protocol (SSRF). On PHP versions before 8.0.0 the `phar://` stream wrapper is reachable this way, which triggers unserialization of attacker-controlled phar metadata; at the very least this allows arbitrary file deletion, and depending on the classes available in the application it can lead to remote code execution. Fixed in dompdf 2.0.2.
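The description points at a mismatch between the validator and the renderer: the validator only inspects elements literally named `image`, while the SVG renderer treats tag names case-insensitively, so an `<IMAGE>` element is fetched without ever being checked (that is what CWE-551, authorization before canonicalization, describes). The following is an added, constructed model of that bug class and its fix, written for this page in Python; it is not dompdf's code, the allowlist of schemes, the sample SVG and the function names are assumptions made here for illustration.

```python
"""Model of the CVE-2023-23924 bug class: an <image> URI validator that matches
tag names case-sensitively, beside a renderer (and a fixed validator) that
canonicalise the tag name first.  Constructed example, not dompdf's code."""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"

# Assumption for this example: schemes a PDF renderer should be allowed to load.
# "" covers relative paths.  phar, file, ftp, gopher etc. are deliberately absent.
ALLOWED_SCHEMES = {"http", "https", "data", ""}

# Constructed SVG payload: one benign <image>, one uppercase <IMAGE> pointing
# at the phar:// wrapper (a phar the attacker already uploaded is assumed).
PAYLOAD_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" width="20" height="20">
  <image xlink:href="https://example.invalid/logo.png" width="10" height="10"/>
  <IMAGE xlink:href="phar:///tmp/upload.phar/x.png" width="10" height="10"/>
</svg>"""


def _local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tag names."""
    return tag.rsplit("}", 1)[-1]


def _href(elem):
    """SVG 2 allows plain href; SVG 1.1 uses xlink:href.  Check both."""
    return elem.get("{%s}href" % XLINK_NS) or elem.get("href") or ""


def image_hrefs(svg, case_insensitive):
    """Return the href of every element the caller considers an <image>.

    case_insensitive=False models the vulnerable validator (only 'image'
    matches); case_insensitive=True models the renderer, which lower-cases
    tag names before dispatching, and the fixed validator.
    """
    root = ET.fromstring(svg)
    hrefs = []
    for elem in root.iter():
        name = _local_name(elem.tag)
        if case_insensitive:
            name = name.lower()
        if name == "image":
            hrefs.append(_href(elem))
    return hrefs


def scheme_of(uri):
    """Scheme of a URI, lower-cased so PHAR:// and phar:// compare equal."""
    return urlsplit(uri).scheme.lower()


def validate_vulnerable(svg):
    """Vulnerable check: returns the disallowed hrefs it *sees*.  It never
    looks at <IMAGE>, so the phar:// reference below comes back clean."""
    return [h for h in image_hrefs(svg, case_insensitive=False)
            if scheme_of(h) not in ALLOWED_SCHEMES]


def validate_fixed(svg):
    """Fixed check: canonicalise the tag name exactly the way the renderer
    does before deciding which elements carry a URI, then enforce the
    scheme allowlist on all of them."""
    return [h for h in image_hrefs(svg, case_insensitive=True)
            if scheme_of(h) not in ALLOWED_SCHEMES]


def renderer_fetches(svg):
    """What a case-insensitive renderer would actually try to load."""
    return image_hrefs(svg, case_insensitive=True)


if __name__ == "__main__":
    print("vulnerable validator flags:", validate_vulnerable(PAYLOAD_SVG))
    print("renderer would fetch:     ", renderer_fetches(PAYLOAD_SVG))
    print("fixed validator flags:    ", validate_fixed(PAYLOAD_SVG))
```

Running the block shows the gap: the vulnerable validator flags nothing, yet the renderer goes on to fetch `phar:///tmp/upload.phar/x.png`, and on PHP before 8.0.0 opening a file through the phar wrapper unserializes the archive's metadata. The fix is not to blocklist more tags but to apply the same canonicalisation (lower-casing here) that the consumer applies, and to compare schemes case-insensitively as well, since `PHAR://` is just as valid to the wrapper as `phar://`.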

Exploits (1)

motikan2010/CVE-2023-23924 (PoC, 9 stars; listed by nomisec as a working PoC)
https://github.com/motikan2010/CVE-2023-23924

Scores

CVSS v3.1 base score 10.0 (Critical)
EPSS 0.5146 (percentile 97.9%)
Attack Vector NETWORK
Vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H

Details

CWE
CWE-551 (Incorrect Behavior Order: Authorization Before Parsing and Canonicalization), CWE-863 (Incorrect Authorization)
Status published
Products (2)
dompdf/dompdf (Packagist) 0 - 2.0.2
dompdf_project/dompdf 2.0.1
Published Feb 01, 2023
Tracked Since Feb 18, 2026