Mpdf_project Mpdf
3 CVEs affecting Mpdf_project Mpdf. Latest disclosed: 2026-01-13. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2018-19047 | Critical | 10.0 | 2018-11-07 | mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '<img src="http://192.168' substring that t… |
CVE-2019-1000005 | High | 8.8 | 2019-02-04 | mPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of Untrusted Data vulnerability in getImage() method of Image/ImageProcessor class that can… |
CVE-2022-50897 | Medium | 5.5 | 2026-01-13 | mPDF 7.0 contains a local file inclusion vulnerability that allows attackers to read arbitrary system files by manipulating annotation file parameters. Attacke… |