Processwire: >> Processwire >> 3.0.210 Security Vulnerabilities
An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a ProcessWire admin is intentionally allowed to install any module that contains any arbitrary code.
CVSS Score
7.2
EPSS Score
0.001
Published
2024-01-24