Critical severityNVD Advisory· Published Sep 8, 2021· Updated Aug 4, 2024
CVE-2021-36440
CVE-2021-36440
Description
Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component AdminUpdateController.class.php'.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
showdoc/showdocPackagist | < 2.9.6 | 2.9.6 |
Affected products
2- ShowDoc/ShowDocdescription
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-c442-3278-rhrgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-36440ghsaADVISORY
- github.com/star7th/showdoc/commit/49b992d4c548c8c615a92b6efe8a50c8f1083abfghsaWEB
- github.com/star7th/showdoc/issues/1406ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.