Pwndoc_project Pwndoc
9 CVEs affecting Pwndoc_project Pwndoc. Latest disclosed: 2025-02-28. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-45771 | High | 8.8 | 2022-12-05 | An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file. |
| CVE-2021-31590 | High | 8.8 | 2021-07-19 | PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtoken handling, leading to incorrect access control. With a valid JSON Webtoken that is used… |
| CVE-2024-55602 | High | 7.6 | 2024-12-10 | PwnDoc is a penetration test report generator. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an authenticated user who is able to update and downlo… |
| CVE-2025-23044 | Medium | 6.8 | 2025-01-20 | PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This in… |
| CVE-2025-27413 | Medium | 6.5 | 2025-02-28 | PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into th… |
| CVE-2025-27410 | Medium | 6.5 | 2025-02-28 | PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality is vulnerable to path traversal in the TAR entry's… |
| CVE-2024-55653 | Medium | 6.5 | 2024-12-10 | PwnDoc is a penetration test report generator. In versions up to and including 0.5.3, an authenticated user is able to crash the backend by raising a `Unhandle… |
| CVE-2022-44023 | Medium | 5.3 | 2022-10-30 | PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response messages for authentication attempts. |
| CVE-2022-44022 | Medium | 5.3 | 2022-10-30 | PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging response timings for authentication attempts. |