Vulnerability Description
wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting iframe tag with initial asset IP address on it's source. This allows the attacker to takeover the whole infrastructure by accessing their internal assets.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wkhtmltopdf | Wkhtmltopdf | 0.12.6 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/171446/wkhtmltopdf-0.12.6-Server-Side-RequeExploit
- https://cyber-guy.gitbook.io/cyber-guys-blog/blogs/initial-access-via-pdf-file-sURL Repurposed
- https://drive.google.com/file/d/1LAmf_6CJLk5qDp0an2s_gVQ0TN2wmht5/view?usp=shariExploitThird Party Advisory
- https://wkhtmltopdf.org/ProductVendor Advisory
- http://packetstormsecurity.com/files/171446/wkhtmltopdf-0.12.6-Server-Side-RequeExploit
- https://cyber-guy.gitbook.io/cyber-guys-blog/blogs/initial-access-via-pdf-file-sURL Repurposed
- https://drive.google.com/file/d/1LAmf_6CJLk5qDp0an2s_gVQ0TN2wmht5/view?usp=shariExploitThird Party Advisory
- https://wkhtmltopdf.org/ProductVendor Advisory
FAQ
What is CVE-2022-35583?
CVE-2022-35583 is a vulnerability with a CVSS score of 9.8 (CRITICAL). wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting iframe tag with initial asset IP address on it's source. This allows the a...
How severe is CVE-2022-35583?
CVE-2022-35583 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-35583?
Check the references section above for vendor advisories and patch information. Affected products include: Wkhtmltopdf Wkhtmltopdf.