CVE-2026-6982

MEDIUM 6.3

star7th ShowDoc API Page Sort Endpoint PageController.class.PHP sql injection

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort Endpoint. Executing a manipulation of the argument pages can lead to sql injection. The attack may be launched remotely. Upgrading to version 3.8.1 addresses this issue. It is suggested to upgrade the affected component. According to the researcher, "[t]he vendor explicitly stated they will not backport patches to the older affected versions."

CWE	CWE-89 CWE-74
Vendor	star7th
Product	showdoc
Published	Apr 25, 2026

Stay Ahead of the Next One

Get instant alerts for star7th showdoc

Be the first to know when new medium vulnerabilities affecting star7th showdoc are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

star7th / ShowDoc

2.10.0 2.10.1 2.10.2 2.10.3 2.10.4 2.10.5 2.10.6 2.10.7 2.10.8 2.10.9 2.10.10 3.0 3.1 3.2 3.3 3.4 3.5 3.6 3.6.0 3.6.1 3.6.2 3.7 3.8.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/359525 vuldb.com: https://vuldb.com/vuln/359525/cti vuldb.com: https://vuldb.com/submit/795528 gist.github.com: https://gist.github.com/saDL0w/555e19668264f98d96259ad47ea33811 github.com: https://github.com/star7th/showdoc/releases/tag/v3.8.1

Credits

🔍 LIU Tingwei (VulDB User) VulDB CNA Team