6 matches found
EUVD-2026-23121
ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...
Server-side Request Forgery (SSRF)
Overview processwire/processwire is a CMS/CMF. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the Add Module From URL process. An attacker can access internal network resources and sensitive endpoints by supplying arbitrary URLs to the module download...
CVE-2026-40500
...
CVE-2026-40500
...
CVE-2026-40500
Summary: Multiple sources describe a server-side request forgery (SSRF) in ProcessWire CMS prior to 3.0.256 via the admin panel’s “Add Module From URL” feature. The vulnerability permits an authenticated administrator to supply arbitrary URLs to the module-download parameter, triggering outbound ...
PT-2026-33179
ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...