CNNVD-202601-1942 Information

CNNVD ID

CNNVD-202601-1942

Related CVE

CVE-2022-50897

• CNNVD Published: 2026-01-13

Description (Chinese)

mPDF是mPDF开源的一款使用PHP编写的用于将HTML转换成PDF文件的库。 mPDF 7.0版本存在安全漏洞，该漏洞源于注释文件参数存在本地文件包含漏洞，可能导致读取任意系统文件。

Description (English)

mPDF is a section of mPDF open source that uses a library developed by PHP to convert HTML to PDF files. MPDF version 7.0 contains a security loophole, which stems from the fact that the comment document parameters contain loopholes in local documents that may lead to reading of any system file.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

mPDF

Published

2026-01-13

Last Modified

2026-02-24

References

https://mpdf.github.io/ https://www.exploit-db.com/exploits/50995 https://www.vulncheck.com/advisories/mpdf-local-file-inclusion

Patch

https://github.com/mpdf/mpdf/releases