CVE-2018-19620
MEDIUM
4,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: none
MEDIUM
4,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: single
Confidentiality: none
Integrity: partial
Availability: none
Description
AI Translation Available
ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0013
Percentile
0,3th
Updated
EPSS Score Trend (Last 91 Days)
425
Direct Request ('Forced Browsing')
IncompleteCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Availability
Access Control
Potential Impacts:
Read Application Data
Modify Application Data
Execute Unauthorized Code Or Commands
Gain Privileges Or Assume Identity
Applicable Platforms
Technologies:
Web Based, Web Server
Application
Showdoc by Showdoc
CPE Identifier
View Detailed Analysis
cpe:2.3:a:showdoc:showdoc:2.4.1:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/IncorrectAccessContro…
https://github.com/star7th/showdoc/commit/bcdb5e3519285bdf81e618b3c9b90d22bc49e…
https://github.com/star7th/showdoc/issues/397
https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/IncorrectAccessContro…
https://github.com/star7th/showdoc/commit/bcdb5e3519285bdf81e618b3c9b90d22bc49e…
https://github.com/star7th/showdoc/issues/397