CVE-2023-24676

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Jan 24, 2024

Updated: Aug 2, 2024

Summary

CVE-2023-24676 is a vulnerability affecting ProcessWire 3.0.210, where an attacker can exploit the download_zip_url parameter during module installation to execute arbitrary code and install a reverse shell. This issue is subject to dispute, as the successful exploitation requires the attacker to have admin access to the system. Although ProcessWire admins are granted the ability to install any module, this vulnerability may still pose a security risk to those with unsecured administrative access.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uROWhB
https://www.cve.org/CVERecord?id=CVE-2023-24676
https://nvd.nist.gov/vuln/detail/CVE-2023-24676

Back to Vulnerability Database

CVE-2023-24676

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations