458 matches found
CVE-2025-0520 ShowDoc < 2.8.7 Unauthenticated File Upload Remote Code Execution
An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7...
ShowDoc 代码问题漏洞
ShowDoc is a great tool for IT teams to share documents online by star7th individual developers. A code issue vulnerability exists in ShowDoc versions prior to 2.8.7 that stems from improper validation of file extensions and could lead to remote code execution...
PT-2025-18203
Name of the Vulnerable Software and Affected Versions ShowDoc versions prior to 2.8.7 Description An unrestricted file upload issue caused by improper validation of file extensions allows unauthenticated attackers to upload arbitrary PHP files, such as web shells, leading to remote code execution...
CVE-2021-4017
showdoc is vulnerable to Cross-Site Request Forgery CSRF...
CVE-2022-1034
There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4...
CVE-2022-0957
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4...
CVE-2022-0945
Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4...
Showdoc 2.10.3 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Showdoc 2.10.3 - Stored Cross-Site Scripting XSS Exploit Author: Akshay Ravi Vendor Homepage: https://github.com/star7th/showdoc Software Link: https://github.com/star7th/showdoc/releases/tag/v2.10.3 Version: alert1" 2. Login to showdoc v2.10.2 and go to file library Endpoint =...
Showdoc 2.10.3 Cross Site Scripting
Exploit Title: Showdoc 2.10.3 - Stored Cross-Site Scripting XSS Exploit Author: Akshay Ravi Vendor Homepage: https://github.com/star7th/showdoc Software Link: https://github.com/star7th/showdoc/releases/tag/v2.10.3 Version: alert1" 2. Login to showdoc v2.10.2 and go to file library Endpoint =...
Showdoc 2.10.3 - Stored Cross-Site Scripting (XSS)
Exploit Title: Showdoc 2.10.3 - Stored Cross-Site Scripting XSS Exploit Author: Akshay Ravi Vendor Homepage: https://github.com/star7th/showdoc Software Link: https://github.com/star7th/showdoc/releases/tag/v2.10.3 Version: alert1" 2. Login to showdoc v2.10.2 and go to file library Endpoint =...
GHSA-2263-JWGM-WV97 Showdoc XSS Vulnerability
ShowDoc v1.8.0 has XSS via a new page...
Showdoc XSS Vulnerability
ShowDoc v1.8.0 has XSS via a new page...
GHSA-6XX7-CPHV-PXGR Showdoc Forced Browsing
ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified pageid, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL...
Showdoc Forced Browsing
ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified pageid, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL...
GHSA-3P87-GQW8-4PF2 Showdoc CSRF Vulnerability
server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team...
Showdoc CSRF Vulnerability
server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team...
GHSA-PFRC-5HHQ-6HVR Showdoc Unauthenticated Access
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified pageid...
Showdoc Unauthenticated Access
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified pageid...
Unrestricted File Upload
showdoc/showdoc allows unrestricted file uploads. An attacker is able to login to the admin panel and obtains server privileges via the unrestricted file upload vulnerability in AdminUpdateController.class.php...
GHSA-XP82-JMW8-MJXP Unrestricted Upload of File with Dangerous Type in ShowDoc
There is a Unrestricted Upload of File vulnerability in ShowDoc prior to version 2.10.4...