Pwndoc@* Security Vulnerabilities and Issues — Pwndoc@* CVE List

Lucene search

Pwndoc ProjectPwndoc*

3 matches found

CVE•added 2025/02/28 9:15 p.m.•51 views

CVE-2025-27410

PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality is vulnerable to path traversal in the TAR entry's name, allowing an attacker to overwrite any file on the system with their content. By overwriting an included .js file and restarting the c...

6.5CVSS8.3AI score0.17043EPSS

CVE•added 2025/02/28 9:15 p.m.•48 views

CVE-2025-27413

PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal (../) sequences. This is problematic for the template update functionality as it uses the path from the...

6.5CVSS7.6AI score0.00349EPSS

CVE•added 2025/01/20 4:15 p.m.•43 views

CVE-2025-23044

PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the missing SameSite= attribute on cookies and the ability to refresh cookies. Commit 14acb704891245bf17...

8.1CVSS6.6AI score0.0003EPSS