exploitDog

CVE-2022-50897

Опубликовано: 13 янв. 2026

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

mPDF 7.0 contains a local file inclusion vulnerability that allows attackers to read arbitrary system files by manipulating annotation file parameters. Attackers can generate URL-encoded or base64 payloads to include local files through crafted annotation content with file path specifications.

Ссылки

https://mpdf.github.io/
Product
https://www.exploit-db.com/exploits/50995
Exploit
https://www.vulncheck.com/advisories/mpdf-local-file-inclusion
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mpdf_project:mpdf:7.0.0:-:*:*:*:*:*:*

EPSS

Процентиль: 6%

0.00023

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-98

Связанные уязвимости

GHSA-r9c5-x9r9-f4w3

CVSS3: 6.2

github

25 дней назад

mPDF 7.0 contains a local file inclusion vulnerability that allows attackers to read arbitrary system files by manipulating annotation file parameters. Attackers can generate URL-encoded or base64 payloads to include local files through crafted annotation content with file path specifications.

EPSS

Процентиль: 6%

0.00023

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-98