CVE-2020-35340

A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the file contents from files that the running ExpertPDF process has access to read.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
expertpdfexpertpdf
9.5.0 ≤
𝑥
≤ 14.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://optionalctf.com/cve-2020-35340-local-file-inclusion-in-expertpdf-9-5-0-14-1-0/
https://optionalctf.com/cve-2020-35340-local-file-inclusion-in-expertpdf-9-5-0-14-1-0/