CVSS: 4.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41597
https://notcve.org/view.php?id=CVE-2024-41597
19 Jul 2024 — Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality. La vulnerabilidad de Cross Site Request Forgery en ProcessWire v.3.0.229 permite a un atacante remoto ejecutar código arbitrario a través de un archivo HTML manipulado para la funcionalidad de comentarios. • https://gist.github.com/DefensiumDevelopers/608be4d10b016dce0566925368a8b08c#file-cve-2024-41597-md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24676
https://notcve.org/view.php?id=CVE-2023-24676
24 Jan 2024 — An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a ProcessWire admin is intentionally allowed to install any module that contains any arbitrary code. Un problema encontrado en Processwire 3.0.210 permite a los atacantes ejecutar código arbitrario e instalar un shell i... • https://medium.com/%40cupc4k3/reverse-shell-via-remote-file-inlusion-in-proccesswire-cms-a8fa5ace3255 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40488
https://notcve.org/view.php?id=CVE-2022-40488
31 Oct 2022 — ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF). Se descubrió que ProcessWire v3.0.200 contenía Cross-Site Request Forgery (CSRF). • http://processwire.com • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-40487
https://notcve.org/view.php?id=CVE-2022-40487
31 Oct 2022 — ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload. Se descubrió que ProcessWire v3.0.200 contiene múltiples vulnerabilidades de Cross-Site Scripting (XSS) a través de la función Buscar Usuarios y Páginas de Búsqueda. Estas vulnerabilidades permiten a los atacantes ejecutar scripts web o HTML arbitrar... • http://processwire.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-27467
https://notcve.org/view.php?id=CVE-2020-27467
22 Feb 2022 — A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php. Una vulnerabilidad de Salto de Directorio se presenta en Processwire CMS versiones anteriores a 2.7.1, por medio del parámetro download en el archivo index.php • https://github.com/ceng-yildirim/LFI-processwire • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •