star7th/showdoc

GitHub

github.com

www.showdoc.com.cn

Releases177

Frequency2 weeks 6 days

Last Release 20 days ago

Stars12.8K

ShowDoc is a tool greatly applicable for an IT team to share documents online一个非常适合IT团队的在线API文档、技术文档工具

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-6982 ↗	Apr 25, 2026Saturday, 25 April 2026, 15:16	6.3 MEDIUM	6.5 MEDIUM
A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages can lead to sql injection. The attack may be launched remotely. Upgrading to version 3.8.1 addresses this issue. It is suggested to upgrade the affected component. According to the researcher, "[t]he vendor explicitly stated they will not backport patches to the older affected versions."
CVE-2025-0520 ↗	Apr 29, 2025Tuesday, 29 April 2025, 20:15	—	—
An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7.
CVE-2022-1034 ↗	Mar 22, 2022Tuesday, 22 March 2022, 08:15	7.2 HIGH	6.5 MEDIUM
There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4.
CVE-2022-0967 ↗	Mar 15, 2022Tuesday, 15 March 2022, 16:15	5.4 MEDIUM	3.5 LOW
Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4.
CVE-2022-0966 ↗	Mar 15, 2022Tuesday, 15 March 2022, 16:15	5.4 MEDIUM	3.5 LOW
Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10.
CVE-2022-0965 ↗	Mar 15, 2022Tuesday, 15 March 2022, 16:15	5.4 MEDIUM	3.5 LOW
Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4.
CVE-2022-0964 ↗	Mar 15, 2022Tuesday, 15 March 2022, 16:15	5.4 MEDIUM	3.5 LOW
Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4.
CVE-2022-0942 ↗	Mar 15, 2022Tuesday, 15 March 2022, 14:15	5.4 MEDIUM	3.5 LOW
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4.
CVE-2022-0957 ↗	Mar 15, 2022Tuesday, 15 March 2022, 13:15	5.4 MEDIUM	3.5 LOW
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4.
CVE-2022-0956 ↗	Mar 15, 2022Tuesday, 15 March 2022, 13:15	5.4 MEDIUM	3.5 LOW
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4.
CVE-2022-0951 ↗	Mar 15, 2022Tuesday, 15 March 2022, 09:15	6.1 MEDIUM	4.3 MEDIUM
File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4.
CVE-2022-0950 ↗	Mar 15, 2022Tuesday, 15 March 2022, 09:15	5.4 MEDIUM	3.5 LOW
Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4.
CVE-2022-0945 ↗	Mar 15, 2022Tuesday, 15 March 2022, 04:15	5.4 MEDIUM	3.5 LOW
Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4.
CVE-2022-0962 ↗	Mar 14, 2022Monday, 14 March 2022, 16:15	5.4 MEDIUM	3.5 LOW
Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4.
CVE-2022-0960 ↗	Mar 14, 2022Monday, 14 March 2022, 15:15	5.4 MEDIUM	3.5 LOW
Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4.
CVE-2022-0946 ↗	Mar 14, 2022Monday, 14 March 2022, 14:15	5.4 MEDIUM	3.5 LOW
Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4.
CVE-2022-0941 ↗	Mar 14, 2022Monday, 14 March 2022, 13:15	5.4 MEDIUM	3.5 LOW
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.
CVE-2022-0940 ↗	Mar 14, 2022Monday, 14 March 2022, 11:15	5.4 MEDIUM	3.5 LOW
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.
CVE-2022-0938 ↗	Mar 14, 2022Monday, 14 March 2022, 08:15	5.4 MEDIUM	3.5 LOW
Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4.
CVE-2022-0937 ↗	Mar 14, 2022Monday, 14 March 2022, 03:15	5.4 MEDIUM	3.5 LOW
Stored xss in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4.
CVE-2022-0880 ↗	Mar 12, 2022Saturday, 12 March 2022, 04:15	5.4 MEDIUM	3.5 LOW
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.
CVE-2022-0409 ↗	Feb 19, 2022Saturday, 19 February 2022, 05:15	7.8 HIGH	6.8 MEDIUM
Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2.
CVE-2022-0362 ↗	Jan 26, 2022Wednesday, 26 January 2022, 13:15	9.8 CRITICAL	7.5 HIGH
SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.
CVE-2021-4172 ↗	Jan 22, 2022Saturday, 22 January 2022, 12:15	5.4 MEDIUM	3.5 LOW
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.
CVE-2022-0079 ↗	Jan 3, 2022Monday, 3 January 2022, 03:15	5.3 MEDIUM	5 MEDIUM
showdoc is vulnerable to Generation of Error Message Containing Sensitive Information
CVE-2021-4168 ↗	Dec 26, 2021Sunday, 26 December 2021, 14:15	8.8 HIGH	6.8 MEDIUM
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-4000 ↗	Dec 3, 2021Friday, 3 December 2021, 11:15	6.1 MEDIUM	5.8 MEDIUM
showdoc is vulnerable to URL Redirection to Untrusted Site
CVE-2021-3993 ↗	Dec 1, 2021Wednesday, 1 December 2021, 11:15	6.5 MEDIUM	4.3 MEDIUM
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-4017 ↗	Dec 1, 2021Wednesday, 1 December 2021, 11:15	8.8 HIGH	6.8 MEDIUM
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3990 ↗	Dec 1, 2021Wednesday, 1 December 2021, 11:15	6.5 MEDIUM	4.3 MEDIUM
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2021-3989 ↗	Dec 1, 2021Wednesday, 1 December 2021, 11:15	6.1 MEDIUM	5.8 MEDIUM
showdoc is vulnerable to URL Redirection to Untrusted Site
CVE-2021-3776 ↗	Nov 13, 2021Saturday, 13 November 2021, 10:15	5.4 MEDIUM	5.8 MEDIUM
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3775 ↗	Nov 13, 2021Saturday, 13 November 2021, 10:15	5.4 MEDIUM	5.8 MEDIUM
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3683 ↗	Nov 13, 2021Saturday, 13 November 2021, 10:15	6.5 MEDIUM	4.3 MEDIUM
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-36440 ↗	Sep 8, 2021Wednesday, 8 September 2021, 21:15	9.8 CRITICAL	7.5 HIGH
Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component AdminUpdateController.class.php'.
CVE-2021-3678 ↗	Aug 4, 2021Wednesday, 4 August 2021, 14:15	5.9 MEDIUM	4.3 MEDIUM
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2021-3680 ↗	Aug 4, 2021Wednesday, 4 August 2021, 13:15	4.9 MEDIUM	4 MEDIUM
showdoc is vulnerable to Missing Cryptographic Step
CVE-2018-19620 ↗	Nov 28, 2018Wednesday, 28 November 2018, 08:29	—	4 MEDIUM
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id.
CVE-2018-19433 ↗	Nov 22, 2018Thursday, 22 November 2018, 05:29	—	4.3 MEDIUM
ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value.
CVE-2018-16342 ↗	Sep 2, 2018Sunday, 2 September 2018, 18:29	—	3.5 LOW
ShowDoc v1.8.0 has XSS via a new page.