5 matches found

RedhatCVE
added 2025/05/23 7:41 a.m. | 5 views

CVE-2024-55652

PwnDoc is a penetration testing reporting application. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. An attacker who can control the...

CVSS: 6.5 | AI score: 7.7 | EPSS: 0.00141
Exploits: 0 | References: 1
NVD
added 2024/12/12 2:15 a.m. | 7 views

CVE-2024-55652

PwnDoc is a penetration testing reporting application. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. An attacker who can control the...

CVSS: 6.5 | EPSS: 0.00141
Exploits: 0 | References: 3
Cvelist
added 2024/12/11 10:41 p.m. | 14 views

CVE-2024-55652 PwnDoc Server-Side Template Injection vulnerability - Sandbox Escape to RCE using custom filters

PwnDoc is a penetration testing reporting application. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. An attacker who can control the...

CVSS: 6.5 | EPSS: 0.00141
Exploits: 0 | References: 3
Cvelist
added 2024/12/10 4:58 p.m. | 12 views

CVE-2024-55602 PwnDoc vulnerable to Arbitrary File Read on updating and downloading templates using Path Traversal

PwnDoc is a penetration test report generator. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an authenticated user who is able to update and download templates can inject path traversal ../ sequences into the file extension property to read arbitrary files on the system. Commit...

CVSS: 7.6 | EPSS: 0.00627
Exploits: 1 | References: 5
Vulnrichment
added 2024/12/10 4:58 p.m. | 7 views

CVE-2024-55602 PwnDoc vulnerable to Arbitrary File Read on updating and downloading templates using Path Traversal

PwnDoc is a penetration test report generator. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an authenticated user who is able to update and download templates can inject path traversal ../ sequences into the file extension property to read arbitrary files on the system. Commit...

CVSS: 7.6 | AI score: 7 | EPSS: 0.00627
Exploits: 1 | References: 5