216.73.217.139

CVE-2022-50897

· Published 13/01/2026 23:15 · Modified 14/01/2026 16:25

Labels: CVE-2022-50897 2026-01-13CVE-2022-50897CWE-98[email protected]

Essential information

Published
13/01/2026 23:15
Modified
14/01/2026 16:25
Author
Creator
CVSS
8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

mPDF 7.0 contains a local file inclusion vulnerability that allows attackers to read arbitrary system files by manipulating annotation file parameters. Attackers can generate URL-encoded or base64 payloads to include local files through crafted annotation content with file path specifications.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
mpdf / mpdf cpe:2.3:a:mpdf:mpdf:7.0:*:*:*:*:*:*:*

References