Skip to main content

Showdoc CVE-2022-0951

MEDIUM
Unrestricted Upload of File with Dangerous Type (CWE-434)
2022-03-15 security@huntr.dev
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 15, 2022 - 09:15 nvd
MEDIUM 6.1

DescriptionNVD

File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4.

AnalysisAI

File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4. Affected products include: Showdoc. Version information: prior to 2.10.4..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.

CVE-2021-36440 CRITICAL POC
9.8 Sep 08

Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' paramete

CVE-2021-4168 HIGH POC
8.8 Dec 26

showdoc is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remote

CVE-2021-4017 HIGH POC
8.8 Dec 01

showdoc is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remote

CVE-2022-0409 HIGH POC
7.8 Feb 19

Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2. Rated high severity (CVSS

CVE-2022-1034 HIGH POC
7.2 Mar 22

There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.

CVE-2021-3993 MEDIUM POC
6.5 Dec 01

showdoc is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remo

CVE-2021-3990 MEDIUM POC
6.5 Dec 01

showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG). Rated medium severity (CVS

CVE-2021-3683 MEDIUM POC
6.5 Nov 13

showdoc is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remo

CVE-2018-19621 MEDIUM POC
6.5 Nov 28

server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team. Rated medium severit

CVE-2018-19609 MEDIUM POC
6.5 Nov 27

ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstr

CVE-2021-4000 MEDIUM POC
6.1 Dec 03

showdoc is vulnerable to URL Redirection to Untrusted Site. Rated medium severity (CVSS 6.1), this vulnerability is remo

CVE-2021-3989 MEDIUM POC
6.1 Dec 01

showdoc is vulnerable to URL Redirection to Untrusted Site. Rated medium severity (CVSS 6.1), this vulnerability is remo

Share

CVE-2022-0951 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy