VYPR
Critical severityOSV Advisory· Published Apr 29, 2025· Updated Apr 15, 2026

CVE-2025-0520

CVE-2025-0520

Description

An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
showdoc/showdocPackagist
< 2.8.72.8.7

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.