Pwndoc Security Vulnerabilities and Issues — Pwndoc CVE List

Lucene search

Pwndoc ProjectPwndoc

3 matches found

CVE•added 2024/12/10 11:15 p.m.•58 views

CVE-2024-55653

PwnDoc is a penetration test report generator. In versions up to and including 0.5.3, an authenticated user is able to crash the backend by raising a UnhandledPromiseRejection on audits which exits the backend. The user doesn't need to know the audit id, since a bad audit id will also raise the rej...

6.5CVSS6.8AI score0.00071EPSS

CVE•added 2024/12/10 5:15 p.m.•53 views

CVE-2024-55602

PwnDoc is a penetration test report generator. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an authenticated user who is able to update and download templates can inject path traversal (../) sequences into the file extension property to read arbitrary files on the system. Commit 1d4219...

8.5CVSS7.4AI score0.00052EPSS

CVE•added 2024/12/12 2:15 a.m.•45 views

CVE-2024-55652

PenDoc is a penetration testing reporting application. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. An attacker who can control the content...

6.5CVSS7.8AI score0.0005EPSS