SQL Injection

Overview showdoc/showdoc is a tool for an IT team to share documents online. Affected versions of this package are vulnerable to SQL Injection via the pages argument in the API Page Sort Endpoint process. An attacker can execute arbitrary SQL commands by sending crafted requests to the affected...

GHSA-FM5R-CJ7V-RJ2C ShowDoc has an Injection vulnerability

A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages ca...

PT-2026-35153

A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages ca...

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0520 aka CNVD-2020-26585, which carries a CVSS score of 9.4 out of 10.0. It relates to a...

VulnCheck KEV: CVE-2025-0520

An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7...

CVE-2022-0940

Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4...

CVE-2022-0937

Stored xss in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4...

CVE-2022-0079

showdoc is vulnerable to Generation of Error Message Containing Sensitive Information...

CVE-2022-0409

Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2...

EUVD-2021-2460

Malware in sbrugna...

EUVD-2021-2596

Malware in sbrugna...

EUVD-2021-2412

Malware in sbrugna...

EUVD-2021-2373

Malware in sbrugna...

EUVD-2022-2882

Malicious code in bioql PyPI...

EUVD-2022-4753

Malicious code in bioql PyPI...

EUVD-2022-1479

Malicious code in bioql PyPI...

CVE-2021-3993

showdoc is vulnerable to Cross-Site Request Forgery CSRF...

CVE-2021-3776

showdoc is vulnerable to Cross-Site Request Forgery CSRF...

CVE-2021-3775

showdoc is vulnerable to Cross-Site Request Forgery CSRF...

Unrestricted File Upload

showdoc/showdoc is vulnerable to unrestricted file upload. The vulnerability is due to improper validation of file extensions, allowing execution of arbitrary PHP code and leading to remote code execution...