showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 are vulnerable to file uploads, which stem from the lack of effective detection of .shtml file extensions in the application’s file upload feature. An attacker could use this vulnerability to upload malicious files to execute malicious scripts in the user’s browser, steal user cookies, etc.
CPE | Name | Operator | Version |
---|---|---|---|
showdoc showdoc | lt | 2.10.4 |