CyberSec.Space Logo
返回 CVE 浏览器

CVE-2011-5219

MEDIUM
5.0
CVSS Severity Score
EPSS Score0.1560%
EPSS Percentile7.75th
Published2012年10月25日
Last Modified2026年4月29日

Vulnerability Description

Directory traversal vulnerability in examples/show_code.php in mPDF 5.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.

Affected Platforms (CPE)

📦
Mpdf1

Mpdf

<= 5.3
📦
Mpdf1

Mpdf

= 5.2

References & Advisories

🔗 http://osvdb.org/77939
🔗 http://secunia.com/advisories/47262
🔗 http://www.exploit-db.com/exploits/18248
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/71862
🔗 http://osvdb.org/77939
🔗 http://secunia.com/advisories/47262
🔗 http://www.exploit-db.com/exploits/18248
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/71862

相关漏洞威胁

CVE-2018-1904710.0

mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '<img src="htt...

CVE-2019-10000058.8

mPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of Untrusted Data vulnerability in getImage() method of Image/I...

CVE-2021-44164.3

The wp-mpdf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.1. This is due ...

CVE-2011-262810.0

Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause...