Skip to main content

Showdoc

39 CVEs product

Monthly

CVE-2022-1034 PHP HIGH POC PATCH This Week

There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Showdoc
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2022-0967 PHP MEDIUM POC PATCH This Month

Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
3.3%
CVE-2022-0966 PHP MEDIUM POC PATCH This Month

Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-0965 PHP MEDIUM POC PATCH This Month

Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-0964 PHP MEDIUM POC PATCH This Month

Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-0942 PHP MEDIUM POC PATCH This Month

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-0957 PHP MEDIUM POC PATCH This Month

Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-0956 PHP MEDIUM POC PATCH This Month

Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-0951 PHP MEDIUM POC PATCH This Month

File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2022-0950 PHP MEDIUM POC PATCH This Month

Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-0945 PHP MEDIUM POC PATCH This Month

Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-0962 PHP MEDIUM POC PATCH This Month

Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2022-0960 PHP MEDIUM POC PATCH This Month

Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-0946 PHP MEDIUM POC PATCH This Month

Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-0941 PHP MEDIUM POC PATCH This Month

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-0940 PHP MEDIUM POC PATCH This Month

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-0938 PHP MEDIUM POC PATCH This Month

Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-0937 PHP MEDIUM POC PATCH This Month

Stored xss in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-0880 PHP MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-0409 PHP HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

File Upload Showdoc
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-0079 PHP MEDIUM POC PATCH This Month

showdoc is vulnerable to Generation of Error Message Containing Sensitive Information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Showdoc
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-4168 PHP HIGH POC PATCH This Week

showdoc is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Showdoc
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-4000 PHP MEDIUM POC PATCH This Month

showdoc is vulnerable to URL Redirection to Untrusted Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Showdoc
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-4017 PHP HIGH POC PATCH This Week

showdoc is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Showdoc
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-3993 PHP MEDIUM POC PATCH This Month

showdoc is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Showdoc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-3990 PHP MEDIUM POC PATCH This Month

showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Showdoc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-3989 PHP MEDIUM POC PATCH This Month

showdoc is vulnerable to URL Redirection to Untrusted Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Showdoc
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-3776 PHP MEDIUM POC PATCH This Month

showdoc is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-3775 PHP MEDIUM POC PATCH This Month

showdoc is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Showdoc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-3683 PHP MEDIUM POC PATCH This Month

showdoc is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Showdoc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-41745 PHP CRITICAL PATCH Act Now

ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Showdoc
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-36440 PHP CRITICAL POC PATCH Act Now

Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component AdminUpdateController.class.php'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Showdoc
NVD GitHub
CVSS 3.1
9.8
EPSS
4.8%
CVE-2021-3678 PHP MEDIUM PATCH This Month

showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Showdoc
NVD GitHub
CVSS 3.1
5.9
EPSS
1.1%
CVE-2021-3680 PHP MEDIUM POC PATCH This Month

showdoc is vulnerable to Missing Cryptographic Step. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Showdoc
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2018-19621 PHP MEDIUM POC This Month

server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Showdoc
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-19620 PHP MEDIUM POC PATCH This Month

ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Showdoc
NVD GitHub
CVSS 3.0
4.3
EPSS
1.3%
CVE-2018-19609 PHP MEDIUM POC This Month

ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Showdoc
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-19433 MEDIUM POC This Month

ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Showdoc
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-16342 PHP MEDIUM POC This Month

ShowDoc v1.8.0 has XSS via a new page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Showdoc
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Showdoc
NVD GitHub
EPSS 3% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub Exploit-DB
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Stored xss in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Showdoc
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

File Upload Showdoc
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

showdoc is vulnerable to Generation of Error Message Containing Sensitive Information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Showdoc
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

showdoc is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Showdoc
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

showdoc is vulnerable to URL Redirection to Untrusted Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Showdoc
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

showdoc is vulnerable to Cross-Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Showdoc
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

showdoc is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Showdoc
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Showdoc
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

showdoc is vulnerable to URL Redirection to Untrusted Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Showdoc
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

showdoc is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Showdoc
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

showdoc is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Showdoc
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

showdoc is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Showdoc
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Showdoc
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL POC PATCH Act Now

Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component AdminUpdateController.class.php'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Showdoc
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM POC PATCH This Month

showdoc is vulnerable to Missing Cryptographic Step. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Showdoc
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Showdoc
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Showdoc
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Showdoc
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Showdoc
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

ShowDoc v1.8.0 has XSS via a new page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Showdoc
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy