- USDT(TRC-20)
- $933.0
CVE ID : CVE-2025-1022
Published : Feb. 5, 2025, 5:15 a.m. | 49 minutes ago
Description : Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html(), which can be bypassed by omitting the slashes in the file URI (e.g., file:../../../../etc/passwd). This is due to missing validations of the user input that should be blocking file URI schemes (e.g., file:// and file:/) in the HTML content.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Reply if you wish me to write a poc tools of this exploit for you.
Published : Feb. 5, 2025, 5:15 a.m. | 49 minutes ago
Description : Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html(), which can be bypassed by omitting the slashes in the file URI (e.g., file:../../../../etc/passwd). This is due to missing validations of the user input that should be blocking file URI schemes (e.g., file:// and file:/) in the HTML content.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Reply if you wish me to write a poc tools of this exploit for you.
![[DK]](/data/avatars/s/57/57999.jpg?1720990206){kind=avatar}
