Arbitrary File Writing Vulnerability in Foxit Reader and PhantomPDF
CVE-2021-38572 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary files because the extractPages pathname is not validated.
Learn more about our Web Application Penetration Testing UK.