CVE-2023-3452

2023-08-1203:15:09

[email protected]

web.nvd.nist.gov

wordpress

canto plugin

cve-2023-3452

remote file inclusion

local file inclusion

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.4%

JSON

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the ‘wp_abspath’ parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allow_url_include is enabled. Local File Inclusion is also possible, albeit less useful because it requires that the attacker be able to upload a malicious php file via FTP or some other means into a directory readable by the web server.

Affected configurations

Vulners

NVD

Node

flightbycantocantoRange≤3.0.4

CPENameOperatorVersion
canto:cantocantole3.0.4

CPE	Name	Operator	Version
canto:canto	canto	le	3.0.4

CNA Affected

[
  {
    "vendor": "flightbycanto",
    "product": "Canto",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "3.0.4",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]