8 matches found
WordPress Canto Remote Shell Upload
Exploit Title: Wordpress Plugin Canto " def createadminfilelocaldir, localshell=None: if not os.path.exis...
Wordpress Canto Plugin < 3.0.5 - Remote File Inclusion and Remote Code Execution Exploit
Exploit Title: Wordpress Plugin Canto " def createadminfilelocaldir, localshell=None: if not os.path.existslocaldir: os.makedirslocaldir If a local shell is p...
Wordpress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)
Exploit Title: Wordpress Plugin Canto " def createadminfilelocaldir, localshell=None: if not os.path.existslocaldir: os...
Exploit for CVE-2023-3452
CVE-2023-3452-PoC - Wordpress Plugin Canto 3.0.5 - Remote...
CVE-2023-3452
creationtimestamp| type| source ---|---|--- 2023-08-12 07:17:07+00:00| seen| https://t.me/cibsecurity/68387 2023-11-23 18:51:42+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/5930 2023-11-25 12:25:42+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/9459...
CVE-2023-3452
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wpabspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allowurlinclude is enabled. Local File...
CVE-2023-3452
The CVE-2023-3452 entry concerns the WordPress Canto plugin (versions up to and including 3.0.4). The root cause is improper handling of the wp_abspath parameter, enabling Remote File Inclusion (RFI); if allow_url_include is enabled, an unauthenticated attacker can include and execute remote code...
WordPress Canto Plugin <= 3.0.4 is vulnerable to Remote File Inclusion
Software Canto Type Plugin Vulnerable versions = 3.0.4 Fixed in 3.0.5 OWASP Top 10 A1: Injection Classification Remote File Inclusion CVE CVE-2023-3452 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID aabfee448799 Credits Marco Wotschka Required privilege Unauthenticated...