What is GHSA-7j94-5v5j-mw57?

GHSA-7j94-5v5j-mw57 is a security advisory published by GitHub Security Advisories with Critical severity. PDF Signer 3.0 contains a server-side template injection vulnerability that allows...

Which CVE IDs does GHSA-7j94-5v5j-mw57 cover?

GHSA-7j94-5v5j-mw57 covers the following CVE IDs: CVE-2019-25729. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-7j94-5v5j-mw57?

GHSA-7j94-5v5j-mw57 has a CVSS v3 base score of 9.8, published by GitHub Security Advisories.

GHSA-7j94-5v5j-mw57CriticalCVSS 9.8

PDF Signer 3.0 contains a server-side template injection vulnerability that allows...

Vendor

GitHub Security Advisories

Published

June 4, 2026

Last Modified

June 4, 2026

🔗 CVE IDs covered (1)

CVE-2019-25729 →

📋 Description

PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie parameter. Attackers can craft malicious cookie values containing template injection payloads like shell_exec() to execute system commands and retrieve sensitive information from the server.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2019-25729
https://codecanyon.net/item/signer-create-digital-signatures-and-sign-pdf-documents-online/20737707
https://codecanyon.net/user/simcy_creative
https://www.exploit-db.com/exploits/46276
https://www.vulncheck.com/advisories/pdf-signer-server-side-template-injection-rce-via-csrf-cookie
https://github.com/advisories/GHSA-7j94-5v5j-mw57