Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
All versions of PwnDoc until 0.4.0 (2021-08-23) handle JSON Web Tokens incorrectly, leading to incorrect access control. With a valid JSON Web Token that is used for authentication and authorization, a user keeps admin privileges even after being downgraded to the "user" privilege. Even after the user's account is deleted, the user can still access the administration panel (and add or delete users) and has complete access to the system.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PwnDoc Security Vulnerability
Vulnerability Description
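PwnDoc is an application. The penetration test report generator PwnDoc, version 2021-04-22 and earlier, contains a security vulnerability that stems from incorrect JSON Web Token handling, leading to incorrect access control.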
CVSS Information
N/A
Vulnerability Type
N/A