CVE-2011-5219

mPDF < 5.3 - Path Traversal via Filename Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-5219. PoCs published by ZadYree.

AI-analyzed exploit summary This exploit leverages a path traversal vulnerability in mPDF <= 5.3 to disclose arbitrary files by manipulating the 'filename' parameter in 'show_code.php'. It retrieves the file content as a PDF and converts it to text.

Description

Directory traversal vulnerability in examples/show_code.php in mPDF 5.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.

Exploits (1)

exploitdb WORKING POC

by ZadYree · perlwebappsphp

https://www.exploit-db.com/exploits/18248

View Code ZIP pw:eip

This exploit leverages a path traversal vulnerability in mPDF <= 5.3 to disclose arbitrary files by manipulating the 'filename' parameter in 'show_code.php'. It retrieves the file content as a PDF and converts it to text.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: mPDF <= 5.3

No auth needed

Prerequisites: Target must have mPDF <= 5.3 installed · Access to the 'examples/show_code.php' endpoint

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/77939

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/47262

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18248

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/71862

Scores

EPSS 0.1519

EPSS Percentile 94.8%

Details

CWE

CWE-22

Status published

Products (2)

mpdf1/mpdf 5.2

mpdf1/mpdf < 5.3

Published Oct 25, 2012

Tracked Since Feb 18, 2026