{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T00:31:29.953","vulnerabilities":[{"cve":{"id":"CVE-2025-27413","sourceIdentifier":"security-advisories@github.com","published":"2025-02-28T21:15:27.820","lastModified":"2025-04-15T20:27:24.010","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality allows an administrator to import raw data into the database, including Path Traversal (`../`) sequences. This is problematic for the template update functionality as it uses the path from the database to write arbitrary content to, potentially overwriting source code to achieve Remote Code Execution. Any user with the `backups:create`, `backups:update` and `templates:update` permissions (only administrators by default) can write arbitrary content to anywhere on the filesystem. By overwriting source code, it is possible to achieve Remote Code Execution. Version 1.2.0 fixes the issue."},{"lang":"es","value":"PwnDoc es una aplicación de informes de pruebas de penetración. Antes de la versión 1.2.0, la función de restauración de copias de seguridad permite a un administrador importar datos sin procesar a la base de datos, incluidas las secuencias Path Traversal (`../`). Esto es problemático para la función de actualización de plantillas, ya que utiliza la ruta de la base de datos para escribir contenido arbitrario, lo que podría sobrescribir el código fuente para lograr la ejecución remota de código. Cualquier usuario con los permisos `backups:create`, `backups:update` y `templates:update` (solo administradores de forma predeterminada) puede escribir contenido arbitrario en cualquier lugar del sistema de archivos. Al sobrescribir el código fuente, es posible lograr la ejecución remota de código. La versión 1.2.0 soluciona el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":5.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pwndoc_project:pwndoc:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.0","matchCriteriaId":"11E7BA7B-6D6B-4186-80A8-06B69AA22B20"}]}]}],"references":[{"url":"https://github.com/pwndoc/pwndoc/blob/14acb704891245bf1703ce6296d62112e85aa995/backend/src/models/template.js#L170-L175","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/pwndoc/pwndoc/blob/14acb704891245bf1703ce6296d62112e85aa995/backend/src/routes/backup.js#L826-L827","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/pwndoc/pwndoc/blob/14acb704891245bf1703ce6296d62112e85aa995/backend/src/routes/template.js#L63-L66","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/pwndoc/pwndoc/commit/68aa1ea676a91e17bfb333a27571151bd07fb21d","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/pwndoc/pwndoc/releases/tag/v1.2.0","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/pwndoc/pwndoc/security/advisories/GHSA-r3vj-47cf-4672","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/pwndoc/pwndoc/security/advisories/GHSA-r3vj-47cf-4672","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}}]}