Hello,
The PdfBook extension is vulnerable to a command injection vulnerability.
Settings of the extension can be retrieved via request parameters and are directly used to build a command executed via shell_exec().
Accessing the following URL on an instance with the PdfBook extension will generate a /tmp/a file with the content of /etc/passwd: https://<mediawiki_instance>/index.php?title=Main_Page&action=pdfbook&format=single&pdfHtmlDocPath=cat%3C/etc/passwd%3E/tmp/a;
I have attached a patch proposal to fix the issue.
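
The pattern the report describes, next to a hardened form, as an added PHP example. It is neither the PdfBook source nor the attached patch; the function names, the `$config` array and the input file path are assumptions made for illustration, and nothing is executed.

```php
<?php
// Hypothetical sketch, not the PdfBook source. Only the pdfHtmlDocPath
// parameter name and the sample value come from the report.

// Reported pattern: a request parameter overrides the configured converter
// path and is concatenated unescaped into a shell command line.
function buildCommandVulnerable(array $request, array $config, string $inputFile): string {
    $bin = $request['pdfHtmlDocPath'] ?? $config['pdfHtmlDocPath'];
    return "$bin $inputFile"; // shell metacharacters (; < >) reach the shell as syntax
}

// Hardened form: the executable comes only from server-side configuration,
// and every value placed on the command line is quoted for the shell.
function buildCommandHardened(array $request, array $config, string $inputFile): string {
    $bin = $config['pdfHtmlDocPath']; // the request can no longer override this
    if (!is_file($bin) || !is_executable($bin)) {
        throw new RuntimeException('Configured converter is not an executable file');
    }
    return escapeshellarg($bin) . ' ' . escapeshellarg($inputFile);
}

// Constructed inputs. PHP_BINARY stands in for the configured converter so
// that the executable check passes on any machine running this file.
$config  = ['pdfHtmlDocPath' => PHP_BINARY];
$request = ['pdfHtmlDocPath' => 'cat</etc/passwd>/tmp/a;']; // decoded value from the report
$input   = '/tmp/pdfbook-input.html';

// The command strings are printed for comparison and never passed to a shell.
echo "vulnerable: ", buildCommandVulnerable($request, $config, $input), "\n";
echo "hardened:   ", buildCommandHardened($request, $config, $input), "\n";
```

In the first line of output the request value appears as shell syntax ahead of the input file; in the second the request value is absent and both remaining values are single-quoted arguments.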