430 matches found
CVE-2026-6982
A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages ca...
SQL Injection
Overview showdoc/showdoc is a tool for an IT team to share documents online. Affected versions of this package are vulnerable to SQL Injection via the pages argument in the API Page Sort Endpoint process. An attacker can execute arbitrary SQL commands by sending crafted requests to the affected...
GHSA-FM5R-CJ7V-RJ2C ShowDoc has an Injection vulnerability
A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages ca...
ShowDoc has an Injection vulnerability
A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages ca...
CVE-2026-6982
A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages ca...
EUVD-2026-25658
A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages ca...
CVE-2026-6982 star7th ShowDoc API Page Sort Endpoint PageController.class.PHP sql injection
A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages ca...
CVE-2026-6982
A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages ca...
CVE-2026-6982 star7th ShowDoc API Page Sort Endpoint PageController.class.PHP sql injection
A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages ca...
CVE-2026-6982
CVE-2026-6982 affects star7th ShowDoc up to versions 2.10.10, 3.6.2 and 3.8.0. The vulnerability resides in an unknown functionality of file server/Application/Api/Controller/PageController.class.PHP within the API Page Sort Endpoint, where manipulating the pages argument can lead to SQL injectio...
ShowDoc 注入漏洞
ShowDoc is a tool developed by star7th, ideal for online document sharing among IT teams. Versions 2.10.10, 3.6.2, and 3.8.0 of ShowDoc contain injection vulnerabilities. These vulnerabilities stem from improper handling of parameters in the...
PT-2026-35153
A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages ca...
ShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeovers
Hackers are exploiting a 5-year-old ShowDoc vulnerability CVE-2025-0520 to deploy web shells, enabling RCE and full server takeover worldwide...
ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0520 aka CNVD-2020-26585, which carries a CVSS score of 9.4 out of 10.0. It relates to a...
VulnCheck KEV: CVE-2025-0520
An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7...
CVE-2018-19620
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified pageid...
CVE-2018-19621
server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team...
CVE-2022-0940
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4...
CVE-2022-0966
Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10...
CVE-2022-0937
Stored xss in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4...