Security Risk: 
Less Critical
Vulnerability: 
Other
Affected Versions: 

Up through v4.6.13 and v4.7.2

Fixed Versions: 

v4.6.14+ and v4.7.3+

Publication Date: 
Wednesday, March 2, 2016
Description: 

A bundled library, TCPDF, recently had a security flaw patched. The vulnerability allowed a malicious user to make the PDF library perform unexpected actions, potentially leading to data disclosure. The risk is mitigated by the fact that only administrative users have access to the PDF generation functionality that uses TCPDF.

Solutions: 

Any ONE of the following:

Credits: 
  • Dmitry Smirnov (RAID6.com.au)
  • Chris Burgess (Fuzion)