CVE-2024-26476
https://notcve.org/view.php?id=CVE-2024-26476
28 Feb 2024 — An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component. • https://github.com/c4v4r0n/Research/blob/main/openemr_BlindSSRF/README.md • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2021-4416 – wp-mpdf <= 3.5.1 - Cross-Site Request Forgery Bypass
https://notcve.org/view.php?id=CVE-2021-4416
21 Jun 2021 — The wp-mpdf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.1. This is due to missing or incorrect nonce validation on the mpdf_admin_savepost() function. This makes it possible for unauthenticated attackers to save post data via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. • https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2019-1000005
https://notcve.org/view.php?id=CVE-2019-1000005
04 Feb 2019 — mPDF version 7.1.7 and earlier contains a CWE-502: Deserialization of Untrusted Data vulnerability in the getImage() method of the Image/ImageProcessor class that can result in arbitrary code execution, file write, etc. This attack appears to be exploitable when an attacker hosts a crafted image on the victim server and triggers generation of a PDF file with content. This vulnerability appears to have been fixed in 7.1.8. • https://github.com/mpdf/mpdf/issues/949 • CWE-502: Deserialization of Untrusted Data
CVE-2018-19047
https://notcve.org/view.php?id=CVE-2018-19047
07 Nov 2018 — mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '