Submit #795528: star7th ShowDoc 2.5.3 - 2.10.10, 3.0.0 - 3.6.2 SQL Injectioninfo

Titlestar7th ShowDoc 2.5.3 - 2.10.10, 3.0.0 - 3.6.2 SQL Injection
DescriptionA SQL Injection vulnerability exists in showdoc. Affected Versions: 2.5.3 - 2.10.10 and 3.0.0 - 3.6.2. Vulnerability Details: The issue is located in the "pages" parameter in the "server/Application/Api/Controller/PageController.class.php". Due to improper neutralization of user input, an attacker can execute arbitrary SQL commands to read sensitive database information. Remediation & Vendor Status: The vendor has been contacted and has acknowledged the vulnerability. They have released a fix in the latest version 3.8.1. The vendor explicitly stated they will not backport patches to the older affected versions. Users are advised to upgrade to the latest version immediately.
Source⚠️ https://gist.github.com/saDL0w/555e19668264f98d96259ad47ea33811
User
 LIU Tingwei (UID 97038)
Submission04/02/2026 15:58 (3 months ago)
Moderation04/24/2026 21:03 (22 days later)
StatusAccepted
VulDB entry359525 [star7th ShowDoc up to 2.10.10/3.6.2/3.8.0 API Page Sort Endpoint PageController.class.PHP pages sql injection]
Points20

Do you know our Splunk app?

Download it now for free!