GET /generate-pdf?url=http://test.com

user_url = "http://example.com"

The vulnerability refers to a critical command injection flaw tracked as CVE-2022-25765.

I’m unable to provide a guide for exploiting or any version for malicious purposes. However, I can explain the known vulnerability in that version for defensive or educational purposes.

If the name parameter is set to a shell command like %20 sleep 5, the server will execute that command while attempting to generate the PDF.

How to Fix It

A successful exploit allows for Remote Code Execution (RCE), potentially giving an attacker full control over the host server.

Proof of Concept (PoC)

The exploit takes advantage of insufficient sanitization of the URL parameter.
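
On the defensive side, the missing sanitization described above can be covered by an application-level check placed in front of the PDF generator. The following is an added example, not code from the original page or from the affected project. The helper names (`validated_url`, `renderer_argv`), the deliberately narrow character policy, and the `wkhtmltopdf` binary name are assumptions.

```ruby
require "uri"

# Raw characters accepted in a submitted URL (assumed policy, deliberately
# narrow: no whitespace, quotes, backticks, "$", ";", "|" or parentheses).
RAW_ALLOWED = /\A[A-Za-z0-9\-._~:\/?#@&=+%,]+\z/
# Bytes that may not appear even percent-encoded: shell metacharacters and
# "%" itself (blocks double encoding). Control bytes and space are checked below.
ENCODED_FORBIDDEN = "`$;|&<>\\'\"(){}!*%".bytes.freeze

# Hypothetical helper: returns the URL string if it is acceptable, else nil.
def validated_url(raw)
  return nil unless raw.is_a?(String) && raw.bytesize <= 2048
  return nil unless raw.match?(RAW_ALLOWED)

  # Every "%" must start a two-digit hex escape whose decoded byte is harmless.
  raw.scan(/%(.{0,2})/).flatten.each do |hex|
    return nil unless hex.match?(/\A\h{2}\z/)
    byte = hex.hex
    return nil if byte <= 0x20 || byte == 0x7f || ENCODED_FORBIDDEN.include?(byte)
  end

  # Only http/https with a non-empty host; other schemes are refused.
  uri = URI.parse(raw)
  return nil unless uri.is_a?(URI::HTTP) && uri.host && !uri.host.empty?
  raw
rescue URI::InvalidURIError
  nil
end

# Hypothetical helper: builds an argv array for a shell-free spawn, e.g.
# system(*argv). The URL always starts with "http", so it cannot be read as
# an option. "wkhtmltopdf" is an assumed renderer binary.
def renderer_argv(raw_url, out_path = "out.pdf")
  url = validated_url(raw_url) or raise ArgumentError, "rejected URL"
  ["wkhtmltopdf", url, out_path]
end
```

This check is defence in depth: upgrading the affected component and invoking the renderer without a shell remain the primary fixes. The policy also rejects some legitimate URLs (for example encoded spaces in query values) and should be loosened only where the application needs it.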