CVE-2024-27292
HIGH EXPLOITED NUCLEI
Docassemble - Local File Inclusion
Title source: nuclei
Description
Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch.
Exploits (2)
nomisec
WORKING POC
3 stars
by NingXin2002 · infoleak
https://github.com/NingXin2002/Docassemble_poc
Nuclei Templates (1)
Docassemble - Local File Inclusion
HIGH VERIFIED by johnk3r
Shodan: http.title:"docassemble"
FOFA: icon_hash="-575790689"
Scores
CVSS v3: 7.5
EPSS: 0.9383
EPSS Percentile: 99.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
VulnCheck KEV: 2025-06-07
CWE: CWE-706
Status: published
Products (3)
jhpyle/docassemble: 1.4.53 - 1.4.97
pypi/docassemble.base: 1.4.53 - 1.4.97 (PyPI)
pypi/docassemble.webapp: 1.4.53 - 1.4.97 (PyPI)
Published: Mar 21, 2024
Tracked Since: Feb 18, 2026