CVE-2026-6982
SQL Injection in ShowDoc API Page Sort Endpoint Allows Remote Attack
Publication date: 2026-04-25
Last updated on: 2026-04-25
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| star7th | showdoc | to 3.6.2 (inc) |
| star7th | showdoc | 3.8.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-6982 is a SQL Injection vulnerability found in star7th ShowDoc versions up to 2.10.10, 3.6.2, and 3.8.0. It affects the API Page Sort Endpoint, specifically in the file server/Application/Api/Controller/PageController.class.PHP. The vulnerability arises because the application does not properly sanitize the 'pages' parameter, allowing an attacker to inject malicious SQL statements remotely.
An attacker can exploit this flaw by sending crafted HTTP POST requests with malicious payloads in the 'pages' argument, which can lead to unauthorized SQL query execution. This can result in unauthorized data access or manipulation.
The issue is fixed in version 3.8.1, and the vendor has stated they will not backport patches to older versions, so upgrading is strongly recommended.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to execute arbitrary SQL queries on the affected ShowDoc database remotely. This can lead to unauthorized access to sensitive information stored in the database, such as user credentials or other confidential data.
Exploitation can bypass authentication mechanisms or extract sensitive data, potentially compromising the integrity and confidentiality of your data.
Because the attack can be launched remotely without user interaction, it poses a significant security risk if the affected versions are in use.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious HTTP POST requests to the endpoint `/showdoc/server/index.php?s=/Api/Page/sort` that include a crafted payload in the "pages" parameter. Such payloads may contain SQL expressions attempting injection, for example: pages={"243038742":["exp","(select username from user order by uid asc limit 1)"]}.
To detect exploitation attempts, you can capture and analyze HTTP traffic targeting this endpoint, looking for unusual or malformed 'pages' parameters.
Example commands to detect such activity might include using network traffic analysis tools like tcpdump or Wireshark with filters for POST requests to the vulnerable API path, or using curl to test the endpoint with crafted payloads in a controlled environment.
- Use tcpdump to capture HTTP POST requests to the vulnerable endpoint: tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/Api/Page/sort'
- Use curl to send a test POST request with a suspicious payload (in a safe test environment): curl -X POST 'http://your-showdoc-server/showdoc/server/index.php?s=/Api/Page/sort' -d 'pages={"243038742":["exp","(select username from user order by uid asc limit 1)"]}&item_id=123&user_token=your_token'
What immediate steps should I take to mitigate this vulnerability?
The immediate and recommended mitigation step is to upgrade the affected ShowDoc component to version 3.8.1 or higher, as this version contains the patch that fixes the SQL injection vulnerability.
Since the vendor will not backport patches to older versions, upgrading is the only reliable fix.
Until the upgrade can be performed, consider restricting access to the vulnerable API endpoint, implementing web application firewall (WAF) rules to block suspicious payloads targeting the 'pages' parameter, and monitoring logs for exploitation attempts.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The SQL injection vulnerability in star7th ShowDoc allows attackers to execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive data stored in the database.
Such unauthorized data access can result in breaches of confidentiality and integrity of personal or sensitive information, which may violate compliance requirements under regulations like GDPR and HIPAA.
Failure to patch this vulnerability and prevent exploitation could lead to non-compliance with these standards, as they mandate protection of personal data against unauthorized access and data breaches.
Therefore, organizations using affected versions of ShowDoc should upgrade to version 3.8.1 or later to mitigate the risk and maintain compliance with relevant data protection regulations.