10 matches found
PHP Remote File Inclusion
Overview mpdf/mpdf is a PHP library generating PDF files from UTF-8 encoded HTML. Affected versions of this package are vulnerable to PHP Remote File Inclusion via the annotation file parameters. An attacker can access arbitrary system files by supplying crafted annotation content containing file...
CVE-2022-50897
mPDF 7.0 contains a local file inclusion vulnerability that allows attackers to read arbitrary system files by manipulating annotation file parameters. Attackers can generate URL-encoded or base64 payloads to include local files through crafted annotation content with file path specifications...
CVE-2022-50897 mPDF 7.0 - Local File Inclusion
mPDF 7.0 contains a local file inclusion vulnerability that allows attackers to read arbitrary system files by manipulating annotation file parameters. Attackers can generate URL-encoded or base64 payloads to include local files through crafted annotation content with file path specifications...
CVE-2022-50897
mPDF 7.0 is affected by a local file inclusion through crafted annotation file parameters, allowing reading arbitrary system files via URL-encoded or base64 payloads. Root cause: annotation content that specifies file paths enables LFI. Impact is high on confidentiality; no explicit exploit detai...
CVE-2022-50897 mPDF 7.0 - Local File Inclusion
mPDF 7.0 contains a local file inclusion vulnerability that allows attackers to read arbitrary system files by manipulating annotation file parameters. Attackers can generate URL-encoded or base64 payloads to include local files through crafted annotation content with file path specifications...
PT-2026-2373
Name of the Vulnerable Software and Affected Versions mPDF versions 7.0 Description The software contains a local file inclusion issue that could allow attackers to read arbitrary system files. This is achieved by manipulating annotation file parameters, enabling the use of URL-encoded or base64...
CVE-2025-55311
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can use JavaScript to alter annotation content and subsequently clear the file's modification status via JavaScript interfaces. This circumvents digital signature verification b...
CVE-2025-55311
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can use JavaScript to alter annotation content and subsequently clear the file's modification status via JavaScript interfaces. This circumvents digital signature verification b...
PT-2025-50619
Name of the Vulnerable Software and Affected Versions Foxit PDF and Editor versions prior to 13.2 Foxit PDF and Editor 2025 versions prior to 2025.2 Description A specially crafted PDF document can utilize JavaScript to modify annotation content and then remove the file’s modification status...
SUSE CVE-2017-14926
In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document...