CVE-2010-4879
EPSS 1.1%DOMPDF Remote File Inclusion Vulnerability
Published: 5/17/2022Modified: 4/28/2026
Description
PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the input_file parameter.
Affected packages (2)
- Debian/php-dompdffrom 0, < 0.6.1+dfsg-1
- Packagist/dompdf/dompdf>= 0.6, < 0.6.1
References (8)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2010-4879
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2010-4879
- PATCHhttps://github.com/dompdf/dompdf
- WEBhttps://github.com/dompdf/dompdf/commit/23a693993299e669306929e3d49a4a1f7b3fb028
- WEBhttps://github.com/dompdf/dompdf/releases/tag/v0.6.2
- WEBhttps://github.com/dompdf/dompdf/wiki/Securing-dompdf
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/dompdf/dompdf/CVE-2010-4879.yaml
- WEBhttp://www.exploit-db.com/exploits/14851