CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-50897

mPDF 7.0 contains a local file inclusion vulnerability that allows attackers to read arbitrary system files by manipulating annotation file parameters. Attackers can generate URL-encoded or base64 payloads to include local files through crafted annotation content with file path specifications.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.4%

CVSS Severity

CVSS v3 Score 6.2

References

https://mpdf.github.io/
https://www.exploit-db.com/exploits/50995
https://www.vulncheck.com/advisories/mpdf-local-file-inclusion

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-50897

Products

Pricing

Contact Us