Category Archives: Windows

[CVE-2020-22721]- Pnotes Insecure .exe File Upload Vulnerability – code execution

Product Owner: PNotes – Andrey Gruber © 2007 – 2020

Type:  Installable/Customer-Controlled Application

Application Name: PNotesNET version

Managing your day-to-day life is not an easy job to do. There are so many things for concern – housekeeping, shopping, children… And what about cousin’s birthday that you always forget or important phone numbers? Undoubtedly your working place is covered with dusty yellow (or blue, or pink) sticky notes. If so – PNotes is right for you. Throw the physical stickies away and replace them with virtual ones on your desktop.

PNotes (Pinned Notes or Portable Notes, use what you prefer) exists in two different editions:

  • PNotes – the older one, written entirely in plain C and Windows API (with Pelles C for Windows IDE)
  • PNotes.NET – the newer one, written in C#, requires .NET Framework 4.5

Product Url:

Download Url:

Application Release Date: 04 May 2019

Severity: High

Authentication: Required

Complexity: Medium

Vulnerability Name: Pnotes Insecure File Upload Vulnerability using (Miscellaneous – External Programs) and arbitrary code execution

Vulnerability Explanation: Pnotes is manily used for taking notes, especially a third party open source application. We can upload malicious .exe file via Miscellaneous – External programs and perform code execution via command line access.

PNotes Documentation – about External Programs use

Tested Os: Windows 10 Pro

Vulnerability Details:

Creating a malicious payload using msfvenom

Using Msfvenom we create malicious .exe file to upload

Transfer Malocious implant .exe file – Pnshell.exe to victim system :

Pnshell Upload in Miscellaneous – External programs

Uploading implant .Exe file
Click Run to Execute the external program – PnotesShell

Code Execution using Pnshell.exe :

Command Line Access:

Pnotes Revershell

Vendor Status:

[18.04.2020] Vulnerability discovered.
[18.04.2020] Vendor contacted.

[19.04.2020] CVE applied

[14.08.2020] CVE Assigned – CVE-2020-22721