CVE-2021-43691

Name of the Vulnerable Software and Affected Versions: tripexpress version 1.1

Description: The issue concerns a path manipulation vulnerability in the file system/helpers/dompdf/load font.php. The src variable, which comes from $ SERVER["argv"], is involved in this vulnerability.

Recommendations: For tripexpress version 1.1, consider restricting access to the load font.php file in the dompdf directory to minimize the risk of exploitation. As a temporary workaround, avoid using the src variable from $ SERVER["argv"] in the load font.php file until a patch is available.