3 matches found
CVE-2018-19047
CVE-2018-19047 concerns mPDF up to version 7.1.6, where SSRF is possible when mPDF is deployed as a web app that accepts arbitrary HTML. The credible details across connected documents describe an SSRF path demonstrated by an <img src="http://192.168…> tag that triggers a call to getImage in Image/ImageProce...
CVE-2019-1000005
CVE-2019-1000005 affects mPDF up to version 7.1.7, where Image/ImageProcessor.getImage() is vulnerable to CWE-502 deserialization of untrusted data via phar:// crafted images, enabling arbitrary code execution or file write. The attack requires hosting a crafted image on the victim server and tri...
CVE-2022-50897
mPDF 7.0 is affected by a local file inclusion through crafted annotation file parameters, which allows arbitrary system files to be read via URL-encoded or base64 payloads. Root cause: annotation content that specifies file paths enables LFI. Impact is high on confidentiality; no explicit exploit detai...