{"url":"http://public2.vulnerablecode.io/api/packages/68605?format=json","purl":"pkg:composer/processwire/processwire@3.0.210","type":"composer","namespace":"processwire","name":"processwire","version":"3.0.210","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46891?format=json","vulnerability_id":"VCID-atxx-eyec-g3h3","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nAn issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module.","references":[{"reference_url":"https://medium.com/%40cupc4k3/reverse-shell-via-remote-file-inlusion-in-proccesswire-cms-a8fa5ace3255","reference_id":"","reference_type":"","scores":[],"url":"https://medium.com/%40cupc4k3/reverse-shell-via-remote-file-inlusion-in-proccesswire-cms-a8fa5ace3255"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-24676","reference_id":"CVE-2023-24676","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-24676"},{"reference_url":"https://github.com/advisories/GHSA-2cvg-w29m-j8xc","reference_id":"GHSA-2cvg-w29m-j8xc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2cvg-w29m-j8xc"}],"fixed_packages":[],"aliases":["CVE-2023-24676","GHSA-2cvg-w29m-j8xc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-atxx-eyec-g3h3"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/processwire/processwire@3.0.210"}