CVE-2025-0520: ShowDoc unrestricted file upload vulnerability

April 29, 2025 (updated April 30, 2025)

An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution. This issue affects ShowDoc: before 2.8.7.

References

github.com/advisories/GHSA-6jmr-r7p6-f5wr
github.com/star7th/showdoc
github.com/star7th/showdoc/pull/1059
github.com/vulhub/vulhub/tree/master/showdoc/CNVD-2020-26585
nvd.nist.gov/vuln/detail/CVE-2025-0520
www.cnvd.org.cn/flaw/show/CNVD-2020-26585

Code Behaviors & Features

Detect and mitigate CVE-2025-0520 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →