CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-50897

mPDF 7.0 contains a local file inclusion vulnerability that allows attackers to read arbitrary system files by manipulating annotation file parameters. Attackers can generate URL-encoded or base64 payloads to include local files through crafted annotation content with file path specifications.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.3%

CVSS Severity

CVSS v3 Score 5.5

References

https://mpdf.github.io/
https://www.exploit-db.com/exploits/50995
https://www.vulncheck.com/advisories/mpdf-local-file-inclusion

Products affected by CVE-2022-50897

Mpdf Project » Mpdf » Version: 7.0.0

cpe:2.3:a:mpdf_project:mpdf:7.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-50897

Products

Pricing

Contact Us