83 matches found
Processwire CMS <2.7.1 - Local File Inclusion
Processwire CMS prior to 2.7.1 is vulnerable to local file inclusion because it allows a remote attacker to retrieve sensitive files via the download parameter to index.php. id: CVE-2020-27467 info: name: Processwire CMS 2.7.1 - Local File Inclusion author: 0xAkoko severity: high description:...
CVE-2026-40500
ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...
EUVD-2026-23121
ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...
GHSA-GMWR-9J4P-96VM ProcessWire: server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature
ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...
ProcessWire: server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature
ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...
Server-side Request Forgery (SSRF)
Overview processwire/processwire is a CMS/CMF. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the Add Module From URL process. An attacker can access internal network resources and sensitive endpoints by supplying arbitrary URLs to the module download...
CVE-2026-40500
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. The "Add Module from URL" feature requires superuser privileges root-equivalent in ProcessWire who already has unrestricted arbitrary code execution via standard module upload, making the SSRF vector...
CVE-2026-40500
...
CVE-2026-40500
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. The "Add Module from URL" feature requires superuser privileges root-equivalent in ProcessWire who already has unrestricted arbitrary code execution via standard module upload, making the SSRF vector incapable of providing...
CVE-2026-40500
...
CVE-2026-40500
Summary: Multiple sources describe a server-side request forgery (SSRF) in ProcessWire CMS prior to 3.0.256 via the admin panel’s “Add Module From URL” feature. The vulnerability permits an authenticated administrator to supply arbitrary URLs to the module-download parameter, triggering outbound ...
CVE-2026-40500 ProcessWire CMS SSRF via Add Module From URL
ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...
PT-2026-33179
ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...
ProcessWire CMS 安全漏洞
ProcessWire CMS is a flexible content management system developed by ProcessWire as open source. Versions of ProcessWire CMS 3.0.255 and earlier contained security vulnerabilities. These vulnerabilities were due to a server-side request forgeing issue in the “Add Module From URL” feature of the...
CVE-2024-41597
Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality...
Denial Of Service (DoS)
processwire/processwire is vulnerable to Denial of Service. The vulnerability is due to automatic extraction of user-supplied ZIP files uploaded via Language Support without size or resource limits prior to validation, which allows an attacker with low privileges to upload a crafted ZIP and trigg...
CVE-2025-60790
ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service...
Data Amplification
Overview processwire/processwire is a CMS/CMF. Affected versions of this package are vulnerable to Data Amplification via the Language Support admin interface. A user with lang-edit permission can cause resource exhaustion by uploading a malicious ZIP file that is automatically extracted without...
GHSA-9P44-Q66P-XM6P ProcessWire CMS vulnerable to resource-exhaustion Denial of Service
ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service...
ProcessWire CMS vulnerable to resource-exhaustion Denial of Service
ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service...