Vulnerabilities > Showdoc

DATE CVE VULNERABILITY TITLE RISK
2021-11-13 CVE-2021-3775 Cross-Site Request Forgery (CSRF) vulnerability in Showdoc
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
network
low complexity
showdoc CWE-352
5.4
2021-11-13 CVE-2021-3776 Cross-Site Request Forgery (CSRF) vulnerability in Showdoc
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
network
low complexity
showdoc CWE-352
5.4
2021-10-22 CVE-2021-41745 Unrestricted Upload of File with Dangerous Type vulnerability in Showdoc 2.8.3
ShowDoc 2.8.3 has a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions.
network
low complexity
showdoc CWE-434
critical
9.8
2021-09-08 CVE-2021-36440 Unrestricted Upload of File with Dangerous Type vulnerability in Showdoc 2.9.5
Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component 'AdminUpdateController.class.php'.
network
low complexity
showdoc CWE-434
critical
9.8
2021-08-04 CVE-2021-3678 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Showdoc
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
network
high complexity
showdoc CWE-338
5.9
2021-08-04 CVE-2021-3680 Improper Verification of Cryptographic Signature vulnerability in Showdoc
showdoc is vulnerable to Missing Cryptographic Step
network
low complexity
showdoc CWE-347
4.9
2018-11-28 CVE-2018-19621 Cross-Site Request Forgery (CSRF) vulnerability in Showdoc 2.4.2
server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team.
network
low complexity
showdoc CWE-352
6.5
2018-11-28 CVE-2018-19620 Forced Browsing vulnerability in Showdoc 2.4.1
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id.
network
low complexity
showdoc CWE-425
4.3
2018-11-27 CVE-2018-19609 Information Exposure vulnerability in Showdoc 2.4.1
ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL.
network
low complexity
showdoc CWE-200
6.5
2018-11-22 CVE-2018-19433 Cross-site Scripting vulnerability in Showdoc 2.4.1
ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value.
network
low complexity
showdoc CWE-79
6.1