CVE-2018-19047

NONE EPSS 79.2%
Published Nov 7, 2018 (7y ago) · Modified Jun 17, 2026 (2w ago)

Description

mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '<img src="http://192.168' substring that triggers a call to getImage in Image/ImageProcessor.php. NOTE: the software maintainer disputes this, stating "If you allow users to pass HTML without sanitising it, you're asking for trouble."

Threat Intelligence

EPSS Exploit Probability
79.2% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-918 Server-Side Request Forgery (SSRF) Validation

Affected Products 1

Vendor         Product   Version   Range
mpdf_project   mpdf      *         ≤7.1.6

References 1

  • https://github.com/mpdf/mpdf/issues/867
    Exploit, Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.