CVE-2025-0520

An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
VulnCheckCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
Common Weakness Enumeration
References
https://github.com/star7th/showdoc/pull/1059
https://github.com/vulhub/vulhub/tree/master/showdoc/CNVD-2020-26585
https://www.cnvd.org.cn/flaw/show/CNVD-2020-26585
https://www.vulncheck.com/advisories/showdoc-unauthenticated-file-upload-rce