CVE-2026-6982 - SQL Injection in Page Sort Endpoint (Star7th ShowDoc)
Vulnerability Description
A vulnerability was identified in Star7th ShowDoc up to version 2.10.10/3.6.2/3.8.0. It affects an unknown function in the file server/Application/API/Controller/PageController.class.PHP, specifically the API Page Sort Endpoint.
Manipulating the pages argument of the endpoint, which is used for sorting data, can lead to SQL injection.
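The pattern described above, as an added example that is not ShowDoc's code: a sort handler that concatenates request values into SQL, beside one that validates each entry as an integer and binds it as a parameter. The `page` table, its columns, the function names and the JSON shape of `pages` (page id mapped to sort number) are assumptions for illustration.

```php
<?php
// Hypothetical in-memory table standing in for the application's page store.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE page (page_id INTEGER PRIMARY KEY, s_number INTEGER)');
$db->exec('INSERT INTO page VALUES (1, 0), (2, 0), (3, 0)');

// UNSAFE pattern: request-supplied keys and values are concatenated into SQL.
function sortPagesUnsafe(PDO $db, array $pages): void
{
    foreach ($pages as $pageId => $order) {
        $db->exec("UPDATE page SET s_number = $order WHERE page_id = $pageId");
    }
}

// Hardened: validate every entry as an integer first, then bind parameters.
function sortPagesSafe(PDO $db, string $pagesJson): int
{
    $pages = json_decode($pagesJson, true);
    if (!is_array($pages)) {
        throw new InvalidArgumentException('pages must be a JSON object');
    }
    $clean = [];
    foreach ($pages as $pageId => $order) {
        // One malformed entry rejects the whole request before any UPDATE runs.
        $id = filter_var($pageId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        $ord = filter_var($order, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
        if ($id === false || $ord === false) {
            throw new InvalidArgumentException('non-integer page id or sort number');
        }
        $clean[$id] = $ord;
    }
    $stmt = $db->prepare('UPDATE page SET s_number = :ord WHERE page_id = :id');
    $updated = 0;
    foreach ($clean as $id => $ord) {
        $stmt->execute([':ord' => $ord, ':id' => $id]);
        $updated += $stmt->rowCount();
    }
    return $updated;
}

// Constructed inputs: one well-formed, one carrying SQL text in a key.
echo sortPagesSafe($db, '{"1": 2, "2": 1}'), " rows updated\n";
try {
    sortPagesSafe($db, '{"1 OR 1=1": 5}');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```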
Affected Systems
- Software: Star7th ShowDoc v1.0 - 3.8.0 (specifically versions prior to 3.8.1)
- Component: File Server / Application API / Controller / PageController
Impact and Exploitability
Vulnerability Severity: Critical (CVSS: 6.3)
- Attack Vector: Remote (Network-based)
- Action Required: No immediate action required for production.
Indicators of Compromise (IOCs)
No public Indicators of Compromise are available for this CVE in the current database.
Mitigation and Patches
| Version | Status | Recommended Action |
|---|---|---|
| 3.8.1 | Patch Available | Upgrade to version 3.8.1 or higher. |
| 2.x - 3.7.x | Not Approved | No update recommended due to unknown functionality. |
Upcoming Release: Version 4.0 (Expected Q3 2026).