What is CVE-2026-6982?

CVE-2026-6982 is a medium-severity vulnerability in Star7th Showdoc, classified under SQL Injection. CVSS score: 6.3/10. Published 2026-04-25.

How severe is CVE-2026-6982?

Medium severity. CVSS v3 base score is 6.3 out of 10.

SQL Injection in Star7th Showdoc

CVE-2026-6982

A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.class.PHP of the component API Page Sort E…

Vulnerability class: SQL Injection

EPSS: 0.000 (1.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C.

Affected products

Star7th Showdoc — versions 2.10.0, 2.10.1, 2.10.2

Weakness classification (CWE)

References

VDB-359525 | star7th ShowDoc API Page Sort Endpoint PageController.class.PHP sql injection (vdb-entry, technical-description)
VDB-359525 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
Submit #795528 | star7th ShowDoc 2.5.3 - 2.10.10, 3.0.0 - 3.6.2 SQL Injection (third-party-advisory)
gist.github.com/saDL0w/555e19668264f98d96259ad47ea33811 (related)
github.com/star7th/showdoc/releases/tag/v3.8.1 (patch)

Frequently asked questions

What is CVE-2026-6982?: CVE-2026-6982 is a medium-severity vulnerability in Star7th Showdoc, classified under SQL Injection. CVSS score: 6.3/10. Published 2026-04-25.
How severe is CVE-2026-6982?: Medium severity. CVSS v3 base score is 6.3 out of 10.