Unrated severityOSV Advisory· Published Jan 13, 2026· Updated Mar 5, 2026
mPDF 7.0 - Local File Inclusion
CVE-2022-50897
Description
mPDF 7.0 contains a local file inclusion vulnerability that allows attackers to read arbitrary system files by manipulating annotation file parameters. Attackers can generate URL-encoded or base64 payloads to include local files through crafted annotation content with file path specifications.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3- www.exploit-db.com/exploits/50995mitreexploit
- www.vulncheck.com/advisories/mpdf-local-file-inclusionmitrethird-party-advisory
- mpdf.github.iomitreproduct
News mentions
0No linked articles in our index yet.