Closed enferas closed 2 years ago
Hi,
How to you trigger this vulnerability ?
Hello,
Thank you for your response.
After some deeper checking, I had a mistake that there is no vulnerability.
In this line
$tmp = str_replace($host, $_SERVER['DOCUMENT_ROOT'], $url);
$host is the search word and not replacement word.
I am going to close the issue.
Hello.
I would like to report for possible Path Manipulation vulnerability.
The source in this file https://github.com/tecnickcom/TCPDF/blob/main/include/tcpdf_static.php. Line 1957
and the sink in line 1979