oss-sec mailing list archives
TCPDF: CVE-2017-6100: LFI posting internal files externally abusing default parameter
From: Salvatore Bonaccorso <carnil () debian org>
Date: Sun, 19 Feb 2017 17:43:59 +0100
Hi CVE-2017-6100 has been assigned for the following issue in TCPDF: https://sourceforge.net/p/tcpdf/bugs/1005/ tcpdf allows to upload files from the server generating PDF-files to an external FTP. The issue was discovered by Frans Rosén. Regards, Salvatore
Current thread:
- TCPDF: CVE-2017-6100: LFI posting internal files externally abusing default parameter Salvatore Bonaccorso (Feb 19)