CVE-2022-50897

Name of the Vulnerable Software and Affected Versions mPDF versions 7.0

Description The software contains a local file inclusion issue that could allow attackers to read arbitrary system files. This is achieved by manipulating annotation file parameters, enabling the use of URL-encoded or base64 payloads to include local files through crafted annotation content with file path specifications. The vulnerability involves the use of crafted annotation content to specify file paths.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.