PrinceXML PHP wrapper command injection

Posted by Brandon Perry on Jul 06

While grabbing a copy of PrinceXML, I noticed the company also offered some wrapper classes in various languages for using
prince in server applications (web applications).

http://www.princexml.com/download/wrappers/

Taking a quick look at the PHP class, there are likely numerous command injection vulnerabilities. I was able to prove
a quick PoC out. Some quick googling yielded more results…