Lucene search
K

8 matches found

Packet Storm
Packet Storm
added 2024/02/27 12:0 a.m.323 views

WordPress Canto Remote Shell Upload

Exploit Title: Wordpress Plugin Canto " def createadminfilelocaldir, localshell=None: if not os.path.exis...

9.8CVSS7.4AI score0.0562EPSS
Exploits7
0day.today
0day.today
added 2024/02/27 12:0 a.m.539 views

Wordpress Canto Plugin < 3.0.5 - Remote File Inclusion and Remote Code Execution Exploit

Exploit Title: Wordpress Plugin Canto " def createadminfilelocaldir, localshell=None: if not os.path.existslocaldir: os.makedirslocaldir If a local shell is p...

9.8CVSS7AI score0.0562EPSS
Exploits7
Exploit DB
Exploit DB
added 2024/02/27 12:0 a.m.628 views

Wordpress Plugin Canto &lt; 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)

Exploit Title: Wordpress Plugin Canto " def createadminfilelocaldir, localshell=None: if not os.path.existslocaldir: os...

9.8CVSS9.4AI score0.0562EPSS
Exploits7
GithubExploit
GithubExploit
added 2023/11/05 4:33 p.m.423 views

Exploit for CVE-2023-3452

CVE-2023-3452-PoC - Wordpress Plugin Canto 3.0.5 - Remote...

9.8CVSS10AI score0.0562EPSS
Exploits7
Circl
Circl
added 2023/08/12 7:17 a.m.10 views

CVE-2023-3452

creationtimestamp| type| source ---|---|--- 2023-08-12 07:17:07+00:00| seen| https://t.me/cibsecurity/68387 2023-11-23 18:51:42+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/5930 2023-11-25 12:25:42+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/9459...

9.8CVSS8.6AI score0.0562EPSS
Exploits7References6
Vulnrichment
Vulnrichment
added 2023/08/12 2:5 a.m.19 views

CVE-2023-3452

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wpabspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allowurlinclude is enabled. Local File...

9.8CVSS9.8AI score0.0562EPSS
Exploits7References3
CVE
CVE
added 2023/08/12 2:5 a.m.81 views

CVE-2023-3452

The CVE-2023-3452 entry concerns the WordPress Canto plugin (versions up to and including 3.0.4). The root cause is improper handling of the wp_abspath parameter, enabling Remote File Inclusion (RFI); if allow_url_include is enabled, an unauthenticated attacker can include and execute remote code...

9.8CVSS9.7AI score0.0562EPSS
Exploits7References3Affected Software1
Patchstack
Patchstack
added 2023/08/09 12:0 a.m.20 views

WordPress Canto Plugin <= 3.0.4 is vulnerable to Remote File Inclusion

Software Canto Type Plugin Vulnerable versions = 3.0.4 Fixed in 3.0.5 OWASP Top 10 A1: Injection Classification Remote File Inclusion CVE CVE-2023-3452 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID aabfee448799 Credits Marco Wotschka Required privilege Unauthenticated...

9.8CVSS6.7AI score0.0562EPSS
Exploits7References3Affected Software1
Rows per page
Query Builder