CVE-2024-51058
published 2024-11-26
CVE-2024-51058: Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file…
Priority P4 · 28 · medium · 6.2 (CVSS 3.1)
AV:L / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.82% (52.5th percentile)
A Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through the src tag, potentially exposing sensitive information.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tcpdf | < tcpdf 6.6.2+dfsg1-1+deb12u1 (bookworm) | tcpdf 6.6.2+dfsg1-1+deb12u1 (bookworm) |
| tcpdf_project | tcpdf | — | — |
| tcpdf_project | tcpdf | >= 0 < 6.3.5+dfsg1-1+deb11u1 | 6.3.5+dfsg1-1+deb11u1 |
| tcpdf_project | tcpdf | >= 0 < 6.6.2+dfsg1-1+deb12u1 | 6.6.2+dfsg1-1+deb12u1 |
| tcpdf_project | tcpdf | >= 0 < 6.7.7+dfsg-1 | 6.7.7+dfsg-1 |
| tcpdf_project | tcpdf | >= 0 < 6.7.7+dfsg-1 | 6.7.7+dfsg-1 |
| tecnickcom | tcpdf | >= 0 < 6.7.6 | 6.7.6 |
CVSS provenance
nvd · v3.1 · 6.2 MEDIUM · CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
osv · 6.2 MEDIUM
vendor_debian · 6.2 MEDIUM
GHSA
TCPDF Local File Inclusion vulnerability
ghsa·2024-11-26
CVE-2024-51058 [MEDIUM] CWE-552 TCPDF Local File Inclusion vulnerability
A Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through the src tag, potentially exposing sensitive information.
OSV
TCPDF Local File Inclusion vulnerability
osv·2024-11-26
CVE-2024-51058 [MEDIUM] TCPDF Local File Inclusion vulnerability
A Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through the src tag, potentially exposing sensitive information.
OSV
CVE-2024-51058: Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6
osv·2024-11-26·CVSS 6.2
CVE-2024-51058 [MEDIUM] CVE-2024-51058: Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6
A Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through the src tag, potentially exposing sensitive information.
Debian
CVE-2024-51058: tcpdf - Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. Thi...
vendor_debian·2024·CVSS 6.2
CVE-2024-51058 [MEDIUM] CVE-2024-51058: tcpdf - Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. Thi...
A Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through the src tag, potentially exposing sensitive information.
Scope: local
bookworm: resolved (fixed in 6.6.2+dfsg1-1+deb12u1)
bullseye: resolved (fixed in 6.3.5+dfsg1-1+deb11u1)
forky: resolved (fixed in 6.7.7+dfsg-1)
sid: resolved (fixed in 6.7.7+dfsg-1)
trixie: resolved (fixed in 6.7.7+dfsg-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-11-26