Home > Vulnerability Database > CVE-2018-19620

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2018-19620

Date: November 28, 2018

ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id.

Language: PHP

Severity Score

4.3

Related Resources (7)

Url: https://github.com/star7th/showdoc/issues/397

Url: https://github.com/star7th/showdoc

Url: https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/IncorrectAccessControl#0x02-modify

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-19620

Url: https://github.com/star7th/showdoc/commit/bcdb5e3519285bdf81e618b3c9b90d22bc49e13c

Url: https://github.com/star7th/showdoc/commits/v2.4.2

Url: https://www.mend.io/vulnerability-database/CVE-2018-19620

Severity Score

4.3

Weakness Type (CWE)

Direct Request ('Forced Browsing')

CWE-425

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us