Close Menu
    Subscribe
    Alerts

    CVE-2026-6982 | THREATINT

    adminBy No Comments1 Min Read


    Home

    Description

    A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages can lead to sql injection. The attack may be launched remotely. Upgrading to version 3.8.1 addresses this issue. It is suggested to upgrade the affected component. According to the researcher, “[t]he vendor explicitly stated they will not backport patches to the older affected versions.”

    PUBLISHED Reserved 2026-04-24 | Published 2026-04-25 | Updated 2026-04-25 | Assigner VulDB

    MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

    MEDIUM: 6.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

    MEDIUM: 6.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

    6.5AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C

    Problem types

    SQL Injection

    Injection

    Product status

    2.10.0
    affected

    2.10.1
    affected

    2.10.2
    affected

    2.10.3
    affected

    2.10.4
    affected

    2.10.5
    affected

    2.10.6
    affected

    2.10.7
    affected

    2.10.8
    affected

    2.10.9
    affected

    2.10.10
    affected

    3.0
    affected

    3.1
    affected

    3.2
    affected

    3.3
    affected

    3.4
    affected

    3.5
    affected

    3.6
    affected

    3.6.0
    affected

    3.6.1
    affected

    3.6.2
    affected

    3.7
    affected

    3.8.0
    affected

    3.8.1
    unaffected

    Timeline

    2026-04-24: Advisory disclosed
    2026-04-24: VulDB entry created
    2026-04-24: VulDB entry last update

    Credits

    LIU Tingwei (VulDB User) reporter

    VulDB CNA Team coordinator

    References

    vuldb.com/vuln/359525 (VDB-359525 | star7th ShowDoc API Page Sort Endpoint PageController.class.PHP sql injection) vdb-entry technical-description

    vuldb.com/vuln/359525/cti (VDB-359525 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

    vuldb.com/submit/795528 (Submit #795528 | star7th ShowDoc 2.5.3 – 2.10.10, 3.0.0 – 3.6.2 SQL Injection) third-party-advisory

    gist.github.com/saDL0w/555e19668264f98d96259ad47ea33811 related

    github.com/star7th/showdoc/releases/tag/v3.8.1 patch

    cve.org (CVE-2026-6982)

    nvd.nist.gov (CVE-2026-6982)

    Download JSON



    Source link

    Share.

    Related Posts

    Add A Comment

    Comments are closed.