CVE-2023-24676

HIGH Year: 2023
CVSS v3 Score
7.2
High
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a ProcessWire admin is intentionally allowed to install any module that contains any arbitrary code.

Related Vulnerabilities

CVE-2012-6613

HIGH
CVSS:7.2(High)

D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account.

NVD-CWE-Other2012

CVE-2014-6059

HIGH
CVSS:7.2(High)

WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary File Overwrite Vulnerability

NVD-CWE-Other2014

CVE-2015-7472

HIGH
CVSS:7.2(High)

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP inject...

NVD-CWE-Other2015

CVE-2015-7917

HIGH
CVSS:7.2(High)

Untrusted search path vulnerability in Open Automation OPC Systems.NET 8.00.0023 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

NVD-CWE-Other2015

CVE-2016-1227

HIGH
CVSS:7.2(High)

NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1006 and earlier and NTT WEST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and RV-440MI 07.00.1005 and earl...

NVD-CWE-Other2016

CVE-2016-3461

HIGH
CVSS:7.2(High)

Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality, integrity, and avai...

NVD-CWE-Other2016