Star7th
Products
2- 3 CVEs
- Starlite1 CVEpypi
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-0520 | Cri | 0.54 | — | 0.01 | Apr 29, 2025 | An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7. | ||
| CVE-2026-6982 | Med | 0.41 | 6.3 | 0.00 | Apr 25, 2026 | A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the… | ||
| CVE-2023-25578 | 0.00 | — | 0.01 | Feb 15, 2023 | Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 1.5.2, the request body parsing in `starlite` allows a potentially unauthenticated attacker to consume a large amount of CPU time and RAM. The multipart body parser processes an unlimited… | |||
| CVE-2018-19433 | 0.00 | — | 0.01 | Nov 22, 2018 | ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value. |
- risk 0.54cvss —epss 0.01
An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7.
- risk 0.41cvss 6.3epss 0.00
A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the…
- CVE-2023-25578Feb 15, 2023risk 0.00cvss —epss 0.01
Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 1.5.2, the request body parsing in `starlite` allows a potentially unauthenticated attacker to consume a large amount of CPU time and RAM. The multipart body parser processes an unlimited…
- CVE-2018-19433Nov 22, 2018risk 0.00cvss —epss 0.01
ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value.