Arbitrary File Writing Vulnerability in Foxit Reader and PhantomPDF

Arbitrary File Writing Vulnerability in Foxit Reader and PhantomPDF

CVE-2021-38572 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because the extractPages pathname is not validated.

Learn more about our Web Application Penetration Testing UK.