Access Control Flaw in ShowDoc by Star7th
CVE-2018-19620

4.3MEDIUM

Key Information:

Vendor

Showdoc

Status
Showdoc
Vendor
CVE Published:
28 November 2018

What is CVE-2018-19620?

ShowDoc version 2.4.1 is susceptible to an access control vulnerability that enables remote attackers to alter or edit notes belonging to other users. By manipulating the 'page_id' parameter in requests, unauthorized users can gain access to resources that should be restricted, leading to potential data leakage or unauthorized data modification. This flaw highlights the importance of robust access control mechanisms to prevent exploitation and ensure user privacy.

References

https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc...
x_refsource_MISC
https://github.com/star7th/showdoc/issues/397
x_refsource_MISC
https://github.com/star7th/showdoc/commit/bcdb5e3519285bd...
x_refsource_MISC

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.