PT-2026-35153 · Star7Th · Showdoc
Liu Tingwei
·
Published
2026-04-25
·
Updated
2026-04-25
·
CVE-2026-6982
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
star7th ShowDoc versions prior to 3.8.1
Description
An issue exists in the API Page Sort Endpoint within the file
server/Application/Api/Controller/PageController.class.PHP. A remote attacker can perform SQL injection—a technique where malicious SQL statements are inserted into entry fields for execution—by manipulating the pages argument.Recommendations
Upgrade to version 3.8.1.
Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Showdoc