CVE-2023-24676 Information

Description

An issue found in Processwire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module.

Reference

https://medium.com/%40cupc4k3/reverse-shell-via-remote-file-inlusion-in-proccesswire-cms-a8fa5ace3255 An issue found in Processwire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module.