Описание
Showdoc Unauthenticated Access
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2018-19620
- https://github.com/star7th/showdoc/issues/397
- https://github.com/star7th/showdoc/commit/bcdb5e3519285bdf81e618b3c9b90d22bc49e13c
- https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/IncorrectAccessControl#0x02-modify
- https://github.com/star7th/showdoc/commits/v2.4.2
Пакеты
Наименование
showdoc/showdoc
composer
Затронутые версииВерсия исправления
< 2.4.2
2.4.2
Связанные уязвимости
CVSS3: 4.3
nvd
около 7 лет назад
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id.