MaxNad

3 exploits, active since Dec 2024
CVE-2024-55602 HIGH WRITEUP
pwndoc < 1.2.1 - Authenticated Path Traversal via Template File Extension
PwnDoc is a penetration test report generator. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an authenticated user who is able to update and download templates can inject path traversal (`../`) sequences into the file extension property to read arbitrary files on the system. Commit 1d4219c596f4f518798492e48386a20c6e9a2fe6 contains a patch for the issue.
CVSS 7.6
CVE-2024-55652 MEDIUM WRITEUP
PenDoc <1d4219c596f4f518798492e48386a20c6 - Code Injection
PenDoc is a penetration testing reporting application. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker who can control the contents of a docx template can write a malicious template containing expressions that escape the JavaScript sandbox and execute arbitrary code on the system. By default, only users with the `admin` role are able to create or update templates. Commit 1d4219c596f4f518798492e48386a20c6e9a2fe6 patches the issue.
CVSS 6.5
CVE-2025-23044 MEDIUM WRITEUP
pwndoc < 0.9.0 - Cross-Site Request Forgery
PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests, due to the missing `SameSite` attribute on cookies and the ability to refresh cookies. Commit 14acb704891245bf1703ce6296d62112e85aa995 patches the issue.
CVSS 6.8