mpdf vulnerabilities and exploits
10
CVSSv3
CVE-2018-19047
mPDF up to and including 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '<img src="http://192.168' substring that triggers a call to getImage in Image/ImageProcessor.php. NOTE: the software maintainer dispu...
Mpdf Project Mpdf
8.8
CVSSv3
CVE-2019-1000005
mPDF version 7.1.7 and previous versions contain a CWE-502: Deserialization of Untrusted Data vulnerability in the getImage() method of the Image/ImageProcessor class that can result in arbitrary code execution, file write, etc. This attack appears to be exploitable via attacker must hos...
Mpdf Project Mpdf
4.3
CVSSv3
CVE-2021-4416
The wp-mpdf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.1. This is due to missing or incorrect nonce validation on the mpdf_admin_savepost() function. This makes it possible for unauthenticated malicious users to save pos...
Wp-mpdf Project Wp-mpdf
NA
CVE-2011-5219
Directory traversal vulnerability in examples/show_code.php in mPDF 5.3 and previous versions allows remote malicious users to read arbitrary files via a .. (dot dot) in the filename parameter.
Mpdf1 Mpdf
Mpdf1 Mpdf 5.2
1 EDB exploit
NA
CVE-2024-27962
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Florian 'fkrauthan' Krauthan allows Reflected XSS. This issue affects wp-mpdf: from n/a up to and including 3.7.1.
6.1
CVSSv3
CVE-2022-45448
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will ...
Prestashop M4 Pdf