2 matches found
CVE-2023-24676
An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the downloadzipurl parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a...
CVE-2023-24676
ProcessWire 3.0.210 is affected by a vulnerable download_zip_url parameter used when installing a new module, which can allow arbitrary code execution and a reverse shell. The Red Hat, Veracode, OSV, and related entries concur with the core issue; exploitation is described as requiring admin priv...