CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2022-45771
https://notcve.org/view.php?id=CVE-2022-45771
An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file. • https://github.com/p0dalirius/CVE-2022-45771-Pwndoc-LFI-to-RCE https://github.com/yuriisanin/CVE-2022-45771 https://github.com/pwndoc/pwndoc https://github.com/pwndoc/pwndoc/issues/401 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-44022
https://notcve.org/view.php?id=CVE-2022-44022
PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging response timings for authentication attempts. PwnDoc hasta 0.5.3 podría permitir a atacantes remotos identificar nombres de cuentas de usuario válidos aprovechando los tiempos de respuesta para los intentos de autenticación. • https://cve.nstsec.com/cve-2022-44022 https://github.com/pwndoc/pwndoc/issues/381 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-44023
https://notcve.org/view.php?id=CVE-2022-44023
PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response messages for authentication attempts. PwnDoc hasta 0.5.3 podría permitir a atacantes remotos identificar nombres de cuentas de usuario deshabilitadas aprovechando los mensajes de respuesta para intentos de autenticación. • https://cve.nstsec.com/cve-2022-44023 https://github.com/pwndoc/pwndoc/issues/382 • CWE-307: Improper Restriction of Excessive Authentication Attempts •