Showdoc
by Star7th
Source repositories
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-0520 | Cri | 0.54 | — | 0.01 | Apr 29, 2025 | An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7. | ||
| CVE-2026-6982 | Med | 0.41 | 6.3 | 0.00 | Apr 25, 2026 | A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the… | ||
| CVE-2018-19433 | 0.00 | — | 0.01 | Nov 22, 2018 | ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value. |
- risk 0.54cvss —epss 0.01
An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7.
- risk 0.41cvss 6.3epss 0.00
A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the…
- CVE-2018-19433Nov 22, 2018risk 0.00cvss —epss 0.01
ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value.