Description
PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie parameter. Attackers can craft malicious cookie values containing template injection payloads like shell_exec() to execute system commands and retrieve sensitive information from the server.
Published: 2026-06-04
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Server-side template injection in PDF Signer 3.0 occurs through the CSRF-TOKEN cookie, allowing attackers to inject PHP commands such as shell_exec() into cookie values. This flaw is exploitable without authentication and can lead to arbitrary system command execution, data theft, and full compromise of the affected server.

Affected Systems

The vulnerability affects Simcy Creative's PDF Signer 3.0. No other affected versions were disclosed in the advisory, so the only known vulnerable release is the 3.0 edition.

Risk and Exploitability

The CVSS score of 9.3 indicates critical severity. An unauthenticated attacker can craft a malicious CSRF-TOKEN cookie, bypass CSRF defenses, and drive code execution without needing to log in. The EPSS score is not available, and the flaw is not listed in CISA's KEV catalog, but the high CVSS combined with the lack of authentication requirement means the risk is high and exploitation is likely if attackers target the product.

Generated by OpenCVE AI on June 4, 2026 at 14:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade PDF Signer to the latest patched release (any version after 3.0).
  • If an upgrade is not immediately possible, configure the web server to block or whitelist CSRF-TOKEN cookie values and enforce SameSite and HttpOnly attributes.
  • Deploy a web application firewall that detects and blocks template injection payloads in cookie headers.
  • Ensure all CWE-352 related CSRF protections are enabled and review input sanitization for cookie parameters.


Advisories

No advisories yet.

History

Fri, 05 Jun 2026 10:45:00 +0000

Type: First Time appeared
Values Added: Simcy Creative; Simcy Creative pdf Signer

Type: Vendors & Products
Values Added: Simcy Creative; Simcy Creative pdf Signer

Thu, 04 Jun 2026 14:30:00 +0000

Type: Metrics (ssvc)
Values Added: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 04 Jun 2026 13:30:00 +0000

Type: Description
Values Added: PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie parameter. Attackers can craft malicious cookie values containing template injection payloads like shell_exec() to execute system commands and retrieve sensitive information from the server.

Type: Title
Values Added: PDF Signer 3.0 Server-Side Template Injection RCE via CSRF Cookie

Type: Weaknesses
Values Added: CWE-352

Type: References

Type: Metrics (cvssV3_1)
Values Added: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Type: Metrics (cvssV4_0)
Values Added: {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-04T14:01:26.991Z

Reserved: 2026-06-04T10:52:00.250Z

Link: CVE-2019-25729

Vulnrichment

Updated: 2026-06-04T14:01:21.557Z

NVD

Status: Deferred

Published: 2026-06-04T14:16:30.630

Modified: 2026-06-04T15:00:40.757

Link: CVE-2019-25729

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T10:07:58Z

Weaknesses
  • CWE-352: Cross-Site Request Forgery (CSRF)