1 results (0.005 seconds)
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24676
https://notcve.org/view.php?id=CVE-2023-24676
24 Jan 2024 — An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a ProcessWire admin is intentionally allowed to install any module that contains any arbitrary code. Un problema encontrado en Processwire 3.0.210 permite a los atacantes ejecutar código arbitrario e instalar un shell i... • https://medium.com/%40cupc4k3/reverse-shell-via-remote-file-inlusion-in-proccesswire-cms-a8fa5ace3255 •