Security Advisory

CVE-2024-55602

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-12-10 16:58:12

Last updated 2024-12-10 17:22:00

Assigner GitHub_M

State PUBLISHED

Description

PwnDoc is a penetration test report generator. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an authenticated user who is able to update and download templates can inject path traversal (`../`) sequences into the file extension property to read arbitrary files on the system. Commit 1d4219c596f4f518798492e48386a20c6e9a2fe6 contains a patch for the issue.

← Browse all CVEs View on cve.org ↗