Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
mPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of Untrusted Data vulnerability in getImage() method of Image/ImageProcessor class that can result in Arbitry code execution, file write, etc.. This attack appears to be exploitable via attacker must host crafted image on victim server and trigger generation of pdf file with content <img src="phar://path/to/crafted/image">. This vulnerability appears to have been fixed in 7.1.8.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
mPDF 安全漏洞
Vulnerability Description
mPDF是一款使用PHP编写的用于将HTML转换成PDF文件的库。 mPDF 7.1.7及之前版本中Image/ImageProcessor类的getImage()方法存在安全漏洞。攻击者可借助特制的图像利用该漏洞执行任意代码,写入文件或造成其他危害。
CVSS Information
N/A
Vulnerability Type
N/A