CVE-2025-0520

EUVD-2025-12661
An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Common Weakness Enumeration
References
https://github.com/star7th/showdoc/pull/1059
https://github.com/vulhub/vulhub/tree/master/showdoc/CNVD-2020-26585
https://www.cnvd.org.cn/flaw/show/CNVD-2020-26585
https://www.vulncheck.com/advisories/showdoc-unauthenticated-file-upload-rce