High severityNVD Advisory· Published Jan 24, 2024· Updated Oct 17, 2025
CVE-2023-24676
CVE-2023-24676
Description
An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a ProcessWire admin is intentionally allowed to install any module that contains any arbitrary code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
processwire/processwirePackagist | <= 3.0.210 | — |
Affected products
2Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.