Exploit for pdfkit - Remote Code Execution (CVE-2022-25765)

Description:

The pdfkit package, from version 0.0.0, is vulnerable to command injection where the URL is not properly sanitized.

Proof of Concept

PoC exploit

Try the exploit in a lab environment:

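============  ========  ==============
Lab           Machine   Link
============  ========  ==============
Hack The Box  Precious  Go to Practice
============  ========  ==============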

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-25765