Cross-Site Request Forgery in ShowDoc 2.4.2 by ShowDoc Team
CVE-2018-19621

6.5MEDIUM

Key Information:

Vendor: Showdoc
Status: Showdoc
Vendor: CVE Published:; 28 November 2018

What is CVE-2018-19621?

In ShowDoc version 2.4.2, a Cross-Site Request Forgery (CSRF) vulnerability exists in the endpoint server/index.php?s=/api/teamMember/save, allowing attackers to add unauthorized members to a team without proper authentication. This flaw can be exploited by crafting a malicious request that, when triggered by an authenticated user, enables the rogue addition of team members.

References

https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Nov 28, 2018

CVE-2018-19621 Data

JSON

Showdoc

What is CVE-2018-19621?

References

CVSS V3.1

Timeline