Showdoc: >> Showdoc Security Vulnerabilities
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS Score
4.3
EPSS Score
0.001
Published
2021-11-13
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS Score
4.3
EPSS Score
0.001
Published
2021-11-13
ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-10-22
Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component AdminUpdateController.class.php'.
CVSS Score
9.8
EPSS Score
0.368
Published
2021-09-08
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVSS Score
7.5
EPSS Score
0.004
Published
2021-08-04
showdoc is vulnerable to Missing Cryptographic Step
CVSS Score
5.3
EPSS Score
0.001
Published
2021-08-04
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id.
CVSS Score
4.3
EPSS Score
0.001
Published
2018-11-28
server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-11-28
ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-11-27
ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-22