CyberSec.Space Logo
Back to CVE Browser

CVE-2011-5219

MEDIUM
5.0
CVSS Severity Score
EPSS Score0.1560%
EPSS Percentile7.75th
PublishedOct 25, 2012
Last ModifiedApr 29, 2026

Vulnerability Description

Directory traversal vulnerability in examples/show_code.php in mPDF 5.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.

Affected Platforms (CPE)

πŸ“¦
Mpdf1

Mpdf

<= 5.3
πŸ“¦
Mpdf1

Mpdf

= 5.2

References & Advisories

πŸ”— http://osvdb.org/77939
πŸ”— http://secunia.com/advisories/47262
πŸ”— http://www.exploit-db.com/exploits/18248
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/71862
πŸ”— http://osvdb.org/77939
πŸ”— http://secunia.com/advisories/47262
πŸ”— http://www.exploit-db.com/exploits/18248
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/71862

Related Vulnerabilities

CVE-2018-1904710.0

mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '<img src="htt...

CVE-2019-10000058.8

mPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of Untrusted Data vulnerability in getImage() method of Image/I...

CVE-2021-44164.3

The wp-mpdf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.1. This is due ...

CVE-2026-48777

FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are ...