RSS   Podatności dla 'Showdoc'   RSS

2021-11-13
 
CVE-2021-3683

CWE-352
 

 
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)

 
 
CVE-2021-3775

CWE-352
 

 
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)

 
 
CVE-2021-3776

CWE-352
 

 
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)

 
2021-10-22
 
CVE-2021-41745

CWE-434
 

 
ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions.

 
2021-09-08
 
CVE-2021-36440

CWE-434
 

 
Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component AdminUpdateController.class.php'.

 
2021-08-04
 
CVE-2021-3678

CWE-338
 

 
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

 
 
CVE-2021-3680

CWE-326
 

 
showdoc is vulnerable to Missing Cryptographic Step

 
2018-11-28
 
CVE-2018-19621

CWE-352
 

 
server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team.

 
 
CVE-2018-19620

CWE-425
 

 
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id.

 
2018-11-27
 
CVE-2018-19609

CWE-200
 

 
ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL.

 


Copyright 2021, cxsecurity.com

 

Back to Top