oss-sec mailing list archives

TCPDF: CVE-2017-6100: LFI posting internal files externally abusing default parameter


From: Salvatore Bonaccorso <carnil () debian org>
Date: Sun, 19 Feb 2017 17:43:59 +0100

Hi

CVE-2017-6100 has been assigned for the following issue in TCPDF:

https://sourceforge.net/p/tcpdf/bugs/1005/

tcpdf allows uploading files from the server generating PDF-files to
an external FTP.

The issue was discovered by Frans Rosén.

Regards,
Salvatore

