Processwire CMS <2.7.1 - Local File Inclusion

Processwire CMS prior to 2.7.1 is vulnerable to local file inclusion because it allows a remote attacker to retrieve sensitive files via the download parameter to index.php. id: CVE-2020-27467 info: name: Processwire CMS 2.7.1 - Local File Inclusion author: 0xAkoko severity: high description:...

CVE-2026-40500

ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...

CVE-2026-40500 ProcessWire CMS SSRF via Add Module From URL

ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbitrary URLs to the module download parameter, causing the server to issue outbound HTTP requests t...

ProcessWire CMS 安全漏洞

ProcessWire CMS is a flexible content management system developed by ProcessWire as open source. Versions of ProcessWire CMS 3.0.255 and earlier contained security vulnerabilities. These vulnerabilities were due to a server-side request forgeing issue in the “Add Module From URL” feature of the...

CVE-2025-60790

ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service...

GHSA-9P44-Q66P-XM6P ProcessWire CMS vulnerable to resource-exhaustion Denial of Service

ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service...

CVE-2025-60790

ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service...

CVE-2025-60790

ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service...

CVE-2025-60790

CVE-2025-60790 affects ProcessWire CMS 3.0.246. A low-privileged user with lang-edit can upload a crafted ZIP via Language Support, which is auto-extracted without limits before validation, causing resource-exhaustion and a Denial of Service. The issue is documented across multiple feeds (NVD, Re...

CVE-2020-27467

A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php...

Lfi-ProcessWire Cms 跨站请求伪造漏洞

Ryan Cramer Design Lfi-ProcessWire Cms is a free content management system Cms and framework Cmf from Ryan Cramer Design USA designed to save you time and work the way you want. A cross-site request forgery vulnerability exists in Lfi-ProcessWire Cms version v3.0.200, which stems from Althoug...

CVE-2020-27467

A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php...

Directory traversal

A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php...

Lfi-ProcessWire Cms 路径遍历漏洞

Ryan Cramer Design Lfi-ProcessWire Cms is a free Content Management System Cms and Framework Cmf from Ryan Cramer Design USA designed to save you time and work the way you want. A path traversal vulnerability exists in Ryan Cramer Design Lfi-ProcessWire Cms versions prior to 2.7.1, which stems fr...

CVE-2020-27467

Processwire CMS prior to version 2.7.1 is vulnerable to a local file inclusion via the download parameter in index.php. Affected component: index.php handling in Processwire &lt;2.7.1. Root cause: directory traversal/LFI flaw enabling retrieval of sensitive files. Impact: per Nuclei template, att...

CVE-2020-27467

A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php...

Processwire CMS 2.4.0 - &#039;download&#039; Local File Inclusion

Exploit Title: Local File Inclusion Processwire CMS 2.4.0 Vulnerability Type: Unauthenticated LFI Date: 03.11.2020 Exploit Author: Y1LD1R1M Type: WEBAPPS Platform: PHP Vendor Homepage: https://processwire.com/ Version: 2.4.0 Tested on: Kali Linux Description Local File Inclusion in Processwire CM...

Processwire CMS 2.4.0 Local File Inclusion

Exploit Title: Local File Inclusion Processwire CMS 2.4.0 Vulnerability Type: Unauthenticated LFI Date: 03.11.2020 Exploit Author: Y1LD1R1M Type: WEBAPPS Platform: PHP Vendor Homepage: https://processwire.com/ Version: 2.4.0 Tested on: Kali Linux Description Local File Inclusion in Processwire CM...