CVE-2022-45771

HIGH

pwndoc v0.5.3 - Unauthenticated Arbitrary Code Execution via Crafted Audit File Upload

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-45771. PoCs published by p0dalirius, yuriisanin.

AI-analyzed exploit summary: This PoC exploits CVE-2022-45771, a Local File Inclusion (LFI) vulnerability in Pwndoc that can be chained to achieve Remote Code Execution (RCE). The script automates the process of creating malicious templates and generating reports to trigger the vulnerability.

Description

An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file.

Exploits (2)

nomisec WORKING POC 47 stars
by p0dalirius · poc
https://github.com/p0dalirius/CVE-2022-45771-Pwndoc-LFI-to-RCE

This PoC exploits CVE-2022-45771, a Local File Inclusion (LFI) vulnerability in Pwndoc that can be chained to achieve Remote Code Execution (RCE). The script automates the process of creating malicious templates and generating reports to trigger the vulnerability.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Pwndoc (version not specified)
Auth required
Prerequisites: Valid credentials for Pwndoc · Network access to the target Pwndoc instance
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 6 stars
by yuriisanin · poc
https://github.com/yuriisanin/CVE-2022-45771

This PoC demonstrates a path traversal and local file inclusion vulnerability in PwnDoc, allowing unprivileged users to disclose JWT secrets and achieve privilege escalation by exploiting insecure `require` function usage and template injection.

Classification: Working PoC 100%
Attack Type: Info Leak | Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: PwnDoc (version not specified)
Auth required
Prerequisites: Valid user account with 'user' role · Report template with specific tags
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Issue Tracking, Third Party Advisory
https://github.com/pwndoc/pwndoc/issues/401

Scores

CVSS v3 8.8
EPSS 0.0175
EPSS Percentile 74.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-434
Status published
Products (1)
pwndoc_project/pwndoc 0.5.3
Published Dec 05, 2022
Tracked Since Feb 18, 2026