Mpdf · Mpdf · CVE-2022-50897
**Name of the Vulnerable Software and Affected Versions**
mPDF versions 7.0
**Description**
The software contains a local file inclusion issue that could allow attackers to read arbitrary system files. This is achieved by manipulating annotation file parameters, enabling the use of URL-encoded or base64 payloads to include local files through crafted annotation content with file path specifications. The vulnerability involves the use of crafted annotation content to specify file paths.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.