Dismissed
Permalink
CVE-2022-50897
6.2 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
by @LeSuisse Activity log
- Created automatic suggestion
- @jopejoe1 removed package termpdfpy
- @LeSuisse dismissed
mPDF 7.0 - Local File Inclusion
mPDF 7.0 contains a local file inclusion vulnerability that allows attackers to read arbitrary system files by manipulating annotation file parameters. Attackers can generate URL-encoded or base64 payloads to include local files through crafted annotation content with file path specifications.
References
- VulnCheck Advisory: mPDF 7.0 - Local File Inclusion third-party-advisory
- ExploitDB-50995 exploit
- Official mPDF Project Homepage product
- ExploitDB-50995 exploit
- Official mPDF Project Homepage product
- VulnCheck Advisory: mPDF 7.0 - Local File Inclusion third-party-advisory
- VulnCheck Advisory: mPDF 7.0 - Local File Inclusion third-party-advisory
- ExploitDB-50995 exploit
- Official mPDF Project Homepage product
Affected products
mPDF
- ==7.0