Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PwnDoc Server-Side Template Injection vulnerability - Sandbox Escape to RCE using custom filters
Vulnerability Description
PenDoc is a penetration testing reporting application. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. An attacker who can control the contents of the template document is able to execute arbitrary code on the system. By default, only users with the `admin` role are able to create or update templates. Commit 1d4219c596f4f518798492e48386a20c6e9a2fe6 patches the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
CWE-1336
Vulnerability Title
PwnDoc 安全漏洞
Vulnerability Description
PwnDoc是PwnDoc开源的一个渗透测试报告生成器。 PwnDoc存在安全漏洞,该漏洞源于攻击者可以编写一个恶意docx模板,其中包含逃避JavaScript沙箱的表达式,以在系统上执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A