showdoc/showdoc is vulnerable to arbitrary file upload attacks. The vulnerability exists through AttachmentController.class.php
where the attachmentUpload
function does not properly validate the upload files, allowing an attacker to upload a malicious crafted file and remotely execute arbitrary code on system.
CPE | Name | Operator | Version |
---|---|---|---|
showdoc/showdoc | le | v2.10.2 | |
showdoc/showdoc | le | v2.10.2 |