PT-2025-18203 · Showdoc · Showdoc

Plzmyy · Published 2025-04-29 · Updated 2025-05-02 · CVE-2025-0520

CVSS v4.0: 9.4 Critical

AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L

Name of the Vulnerable Software and Affected Versions

ShowDoc versions prior to 2.8.7

Description

An unrestricted file upload vulnerability in ShowDoc is caused by improper validation of the file extension. It allows execution of arbitrary PHP, leading to remote code execution.

Recommendations

For versions prior to 2.8.7, update to version 2.8.7 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to only necessary and validated extensions until a patch is applied. Restrict access to sensitive areas of the system to minimize the risk of exploitation.

Exploit · Fix · RCE · Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2025-0520
GHSA-6JMR-R7P6-F5WR

Affected Products

Showdoc