CVE-2018-19620
MEDIUM
showdoc < 2.4.2 - Unauthenticated Incorrect Access Control via Modified page_id
Title source: llm
Description
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id.
References (3)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/IncorrectAccessControl#0x02-modify
Issue Tracking x_refsource_misc
https://github.com/star7th/showdoc/issues/397
Scores
CVSS v3
4.3
EPSS
0.0126
EPSS Percentile
65.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-425
Status
published
Products (2)
showdoc/showdoc
2.4.1
showdoc/showdoc
0 - 2.4.2
Packagist
Published
Nov 28, 2018
Tracked Since
Feb 18, 2026