CVE-2018-19621

Name of the Vulnerable Software and Affected Versions ShowDoc version 2.4.2

Description The issue allows for a CSRF attack, which can be used to add members to a team. The affected endpoint is "server/index.php?s=/api/teamMember/save". This can potentially lead to unauthorized modifications to team memberships.

Recommendations For ShowDoc version 2.4.2, as a temporary workaround, consider implementing CSRF protection measures, such as token-based validation, to prevent unauthorized requests to the "server/index.php?s=/api/teamMember/save" endpoint. Restrict access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.