CVE-2025-0520 | THREATINT

Description

An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7.

PUBLISHED Reserved 2025-01-16 | Published 2025-04-29 | Updated 2025-11-19 | Assigner VulnCheck

CRITICAL: 9.4CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

Product status

Default status

unaffected

Any version before 2.8.7

affected

References

github.com/vulhub/vulhub/tree/master/showdoc/CNVD-2020-26585 exploit

github.com/star7th/showdoc/pull/1059 patch issue-tracking

www.cnvd.org.cn/flaw/show/CNVD-2020-26585 third-party-advisory

www.vulncheck.com/...showdoc-unauthenticated-file-upload-rce third-party-advisory

cve.org (CVE-2025-0520)

nvd.nist.gov (CVE-2025-0520)

Download JSON