Search Results | AttackerKB

Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component AdminUpdateController.class.php'.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2021-3678

Disclosure Date: August 04, 2021 (last updated February 23, 2025)

showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2021-3680

Disclosure Date: August 04, 2021 (last updated February 23, 2025)

showdoc is vulnerable to Missing Cryptographic Step

Attack Vector: Network Privileges: High User Interaction: None

Attacker Value

Unknown

CVE-2018-19620

Disclosure Date: November 28, 2018 (last updated November 27, 2024)

ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id.

Attacker Value

Unknown

CVE-2018-19621

Disclosure Date: November 28, 2018 (last updated November 27, 2024)

server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team.

Attacker Value

Unknown

CVE-2018-19609

Disclosure Date: November 27, 2018 (last updated November 27, 2024)

ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL.

Attacker Value

Unknown

CVE-2018-19433

Disclosure Date: November 22, 2018 (last updated November 27, 2024)

ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value.

41 Total Results

Displaying 31-40 of 41

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Quick Cookie Notification