Description
Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2.
References (2)
Core 2
Core References
Exploit, Patch, Third Party Advisory x_refsource_confirm
https://huntr.dev/bounties/c25bfad1-2611-4226-954f-009e50f966f7
Patch, Third Party Advisory x_refsource_misc
https://github.com/star7th/showdoc/commit/7383d7a3c1b0807b6f397ba7df415a0ce7ccc436
Scores
CVSS v3
7.8
EPSS
0.0021
EPSS Percentile
43.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (2)
showdoc/showdoc
< 2.10.2
showdoc/showdoc
0 - 2.10.2Packagist
Published
Feb 19, 2022
Tracked Since
Feb 18, 2026