Star7Th · Showdoc · CVE-2026-6982
**Name of the Vulnerable Software and Affected Versions**
star7th ShowDoc versions prior to 3.8.1
**Description**
An issue exists in the API Page Sort Endpoint within the file `server/Application/Api/Controller/PageController.class.PHP`. A remote attacker can perform SQL injection—a technique where malicious SQL statements are inserted into entry fields for execution—by manipulating the `pages` argument.
**Recommendations**
Upgrade to version 3.8.1.