Plzmyy

**Name of the Vulnerable Software and Affected Versions** ShowDoc versions prior to 2.8.7 **Description** An unrestricted file upload issue caused by improper validation of file extensions allows unauthenticated attackers to upload arbitrary PHP files, such as web shells, leading to remote code execution. This flaw is being actively exploited on unpatched servers, with incidents observed on a U.S.-based honeypot. It is estimated that over 2,000 ShowDoc instances are publicly accessible online, with the majority located in China. **Recommendations** Update ShowDoc to version 2.8.7 or later. Update ShowDoc to the latest version (3.8.1) immediately.