Unrated severityOSV Advisory· Published Jan 13, 2026· Updated Mar 5, 2026
mPDF 7.0 - Local File Inclusion
CVE-2022-50897
Description
mPDF 7.0 contains a local file inclusion vulnerability that allows attackers to read arbitrary system files by manipulating annotation file parameters. Attackers can generate URL-encoded or base64 payloads to include local files through crafted annotation content with file path specifications.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- www.exploit-db.com/exploits/50995mitreexploit
- www.vulncheck.com/advisories/mpdf-local-file-inclusionmitrethird-party-advisory
- mpdf.github.iomitreproduct
News mentions
0No linked articles in our index yet.