CVE-2025-0520

An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7.

CVSS

No CVSS.

References

Link	Resource
https://github.com/star7th/showdoc/pull/1059
https://github.com/vulhub/vulhub/tree/master/showdoc/CNVD-2020-26585
https://www.cnvd.org.cn/flaw/show/CNVD-2020-26585

Configurations

No configuration.

History

02 May 2025, 13:53

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de carga de archivos sin restricciones en ShowDoc causada por una validación incorrecta de la extensión del archivo permite la ejecución de PHP arbitrario, lo que lleva a la ejecución remota de código. Este problema afecta a ShowDoc: antes de 2.8.7.

29 Apr 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-29 20:15

Updated : 2025-05-02 13:53

NVD link : CVE-2025-0520

Mitre link : CVE-2025-0520

CVE.ORG link : CVE-2025-0520

JSON object : View

Products Affected

No product.

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2025-0520", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.4, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-29T20:15:25.230", "references": [{"url": "https://github.com/star7th/showdoc/pull/1059", "source": "disclosure@vulncheck.com"}, {"url": "https://github.com/vulhub/vulhub/tree/master/showdoc/CNVD-2020-26585", "source": "disclosure@vulncheck.com"}, {"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2020-26585", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7."}, {"lang": "es", "value": "Una vulnerabilidad de carga de archivos sin restricciones en ShowDoc causada por una validaci\u00f3n incorrecta de la extensi\u00f3n del archivo permite la ejecuci\u00f3n de PHP arbitrario, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo. Este problema afecta a ShowDoc: antes de 2.8.7."}], "lastModified": "2025-05-02T13:53:40.163", "sourceIdentifier": "disclosure@vulncheck.com"}