CVE-2024-51058

Name of the Vulnerable Software and Affected Versions: TCPDF version 6.7.5

Description: A Local File Inclusion (LFI) issue has been discovered, allowing a user to read arbitrary files from the server's file system through the src tag in an img element, potentially exposing sensitive information.

Recommendations: For TCPDF version 6.7.5, consider disabling the img tag or restricting the src attribute to prevent exploitation until a patch is available. Restrict access to sensitive files on the server to minimize the risk of information exposure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.