Processwire: >> Processwire Security Vulnerabilities
Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality.
CVSS Score
4.2
EPSS Score
0.0
Published
2024-07-19
An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a ProcessWire admin is intentionally allowed to install any module that contains any arbitrary code.
CVSS Score
7.2
EPSS Score
0.001
Published
2024-01-24
ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload.
CVSS Score
6.1
EPSS Score
0.006
Published
2022-10-31
ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF).
CVSS Score
6.5
EPSS Score
0.001
Published
2022-10-31
A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php.
CVSS Score
7.5
EPSS Score
0.798
Published
2022-02-24