Posted by RedTeam Pentesting GmbH on Dec 01

Advisory: Remote Code Execution in TYPO3 Extension ke_dompdf

During a penetration test RedTeam Pentesting discovered a remote code
execution vulnerability in the TYPO3 extension ke_dompdf, which allows
attackers to execute arbitrary PHP commands in the context of the
webserver.

Details
=======

Product: ke_dompdf TYPO3 extension
Affected Versions: 0.0.3<=
Fixed Versions: 0.0.5
Vulnerability Type: Remote Code Execution
Security Risk: high…