CVE-2025-27413

Name of the Vulnerable Software and Affected Versions PwnDoc versions prior to 1.2.0

Description The issue concerns the backup restore functionality, which allows an administrator to import raw data into the database, including Path Traversal (../) sequences. This is problematic for the template update functionality as it uses the path from the database to write arbitrary content to, potentially overwriting source code to achieve Remote Code Execution. Any user with the backups:create, backups:update, and templates:update permissions, which are limited to administrators by default, can write arbitrary content to anywhere on the filesystem. By overwriting source code, it is possible to achieve Remote Code Execution.

Recommendations For versions prior to 1.2.0, update to version 1.2.0 to resolve the issue. As a temporary workaround, consider restricting the backups:create, backups:update, and templates:update permissions to limit the potential for exploitation. Additionally, restrict access to the template update functionality to minimize the risk of arbitrary content being written to the filesystem.