Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a ProcessWire admin is intentionally allowed to install any module that contains any arbitrary code.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ProcessWire 安全漏洞
Vulnerability Description
ProcessWire是一个友好且功能强大的开源 CMS,具有强大的 API。 ProcessWire 3.0.210版本存在安全漏洞,该漏洞源于允许攻击者在安装新模块时可以通过 download_zip_url 参数安装反向 shell,并执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A