8 matches found
CVE-2025-24885
pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Missing access control on rendering custom unprivileged dojo pages causes ability for users to create stored XSS...
CVE-2025-24886
pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users admin not required to perform an LFI from the CTFd container. When a user clones or updates repositories, a check...
CVE-2025-24885 pwn.college has a XSS on dojo pages
pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Missing access control on rendering custom unprivileged dojo pages causes ability for users to create stored XSS...
CVE-2025-24885 pwn.college has a XSS on dojo pages
pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Missing access control on rendering custom unprivileged dojo pages causes ability for users to create stored XSS...
CVE-2025-24885 pwn.college has a XSS on dojo pages
pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Missing access control on rendering custom unprivileged dojo pages causes ability for users to create stored XSS...
CVE-2025-24885
CVE-2025-24885 concerns pwn.college and its Dojo pages. The reported vulnerability is a missing access control on rendering custom (unprivileged) Dojo pages, enabling stored XSS via the dojo content. The CVE entry documents a CVSS v3.1 base score of 7.6 (HIGH) with attack vector NETWORK, attack c...
CVE-2025-24886 pwn.college has Symlink LFI in Dojo repos
pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users admin not required to perform an LFI from the CTFd container. When a user clones or updates repositories, a check...
CVE-2025-24886
CVE-2025-24886 involves pwn.college’s Dojo tooling where incorrect symbolic link checks on user-specified dojos allow an LFI from the CTFd container without admin privileges. A malicious user can craft a repository containing symlinks to sensitive files and retrieve them via the CTFd website when...