Описание
ProcessWire CMS vulnerable to resource-exhaustion Denial of Service
ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service.
Пакеты
Наименование
processwire/processwire
composer
Затронутые версииВерсия исправления
<= 3.0.246
Отсутствует
Связанные уязвимости
CVSS3: 6.5
nvd
4 месяца назад
ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service.