Sensitive Information Disclosure in ShowDoc 2.4.1 via Modified page_id

Sensitive Information Disclosure in ShowDoc 2.4.1 via Modified page_id

CVE-2018-19609 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL.

Learn more about our User Device Pen Test.