CVE-2018-19047
NONE EPSS 79.2%
Published Nov 7, 20187y ago · Modified Jun 17, 20262w ago
Published Nov 7, 2018 7y ago
Last Modified Jun 17, 2026 2w ago
Description
mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '<img src="http://192.168' substring that triggers a call to getImage in Image/ImageProcessor.php. NOTE: the software maintainer disputes this, stating "If you allow users to pass HTML without sanitising it, you're asking for trouble.
Threat Intelligence
EPSS Exploit Probability
79.2% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-918 Server-Side Request Forgery (SSRF) Validation
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| mpdf_project | mpdf | * | ≤7.1.6 |
References 1
- github.com https://github.com/mpdf/mpdf/issues/867
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.