CVE-2019-25729
PDF Signer · PDF Signer 3.0
PDF Signer 3.0 is vulnerable to server-side template injection via the CSRF-TOKEN cookie, allowing unauthenticated attackers to execute arbitrary system commands.
Executive summary
A critical server-side template injection vulnerability in PDF Signer 3.0 allows unauthenticated attackers to execute arbitrary system commands via the CSRF-TOKEN cookie.
Vulnerability
The application does not sanitize the value of the CSRF-TOKEN cookie before the server-side template engine processes it. This allows an unauthenticated attacker to inject template payloads that call functions such as shell_exec(), leading to full remote code execution on the server.
Business impact
The CVSS score of 9.8 indicates a critical risk. Exploitation allows an attacker to gain full control over the application server, resulting in potential data theft, lateral movement within the network, and complete service disruption.
Remediation
Immediate Action: Update to the latest version of PDF Signer that addresses this template injection vulnerability.
Proactive Monitoring: Inspect server logs for suspicious cookie values containing common template injection syntax or shell commands.
Compensating Controls: Implement a WAF to intercept and block malicious input in HTTP headers and cookies, specifically targeting template injection payloads.
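One way to carry out the log inspection described under Proactive Monitoring, as an added example (not code from the vendor or from this advisory). It assumes the access log records the request's Cookie header and that legitimate tokens are 16 to 128 URL-safe characters; the indicator patterns are generic and the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Assumption: the access log records the request's Cookie header on each line.
COOKIE_RE = re.compile(r'CSRF-TOKEN=([^;"\s]*)')
# Assumption: legitimate tokens are URL-safe strings; adjust to the real token format.
EXPECTED_TOKEN = re.compile(r'[A-Za-z0-9_\-]{16,128}')
# Generic indicators of template syntax and command execution, not a complete list.
INDICATORS = {
    "template delimiter": re.compile(r'\{\{|\}\}|\{%|%\}|\$\{|<%|\{php', re.I),
    "command-execution function": re.compile(
        r'\b(shell_exec|system|passthru|popen|proc_open|exec)\s*\(', re.I),
}

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are also inspected."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_line(line):
    """Return the reasons the CSRF-TOKEN cookie on this line looks suspicious."""
    match = COOKIE_RE.search(line)
    if not match:
        return []
    value = decode_fully(match.group(1))
    reasons = [name for name, rx in INDICATORS.items() if rx.search(value)]
    if not EXPECTED_TOKEN.fullmatch(value):
        reasons.append("unexpected token format")
    return reasons

def scan(lines):
    """Return (line_number, reasons) for every flagged line."""
    return [(n, r) for n, line in enumerate(lines, 1) if (r := inspect_line(line))]

# Constructed sample log lines (not from a real system).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jan/2020:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "Cookie: CSRF-TOKEN=Zk3v9QpL0aXr7TtB2mNc4YhW; lang=en"',
    '198.51.100.9 - - [10/Jan/2020:10:00:05 +0000] "GET / HTTP/1.1" 200 512 "Cookie: CSRF-TOKEN=%7B%7Bshell_exec(%27example%27)%7D%7D; lang=en"',
    '198.51.100.9 - - [10/Jan/2020:10:00:09 +0000] "GET / HTTP/1.1" 200 512 "Cookie: CSRF-TOKEN=%257B%257Bsystem(1)%257D%257D"',
    '203.0.113.4 - - [10/Jan/2020:10:00:12 +0000] "GET /about HTTP/1.1" 200 128 "Cookie: lang=en"',
]

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(reasons)}")
```

The format check catches values the indicator list misses, so tune `EXPECTED_TOKEN` to the token format the application actually issues before relying on it.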
Exploitation status
Public Exploit Available: False
Analyst recommendation
This vulnerability is highly severe due to the ease of exploitation via cookie manipulation. It is imperative that all instances of PDF Signer are updated immediately. If patching is not possible, ensure that the application is isolated from the internet and that all cookie inputs are strictly validated.