CVE-2025-27134 PoC — Joplin Security Vulnerability

Source
Associated Vulnerability
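Title: Joplin Security Vulnerability (CVE-2025-27134)
Description: Joplin is an open-source note-taking and to-do application developed by individual developer Laurent Cozic. Versions of Joplin before 3.3.3 contain a security vulnerability: non-admin users can use an API endpoint to set the is_admin field, which may lead to privilege escalation.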
Description
Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, a privilege escalation vulnerability exists in the Joplin server, allowing non-admin users to exploit the API endpoint `PATCH /api/users/:id` to set the `is_admin` field to 1. The vulnerability allows malicious low-privileged users to perform administrative actions without proper authorization. This issue has been patched in version 3.3.3.
File Snapshot

id: CVE-2025-27134 info: name: Joplin 3.3.3 Server - Privilege Escalation author: zonia3000 s ...