77 matches found
Wordpress Canto Plugin < 3.0.5 - Remote File Inclusion and Remote Code Execution Exploit
Exploit Title: Wordpress Plugin Canto " def createadminfilelocaldir, localshell=None: if not os.path.existslocaldir: os.makedirslocaldir If a local shell is p...
Canto < 3.0.7 - Unauthenticated RCE
Description The plugin is vulnerable to Remote Code Execution via the 'abspath' parameter due to the use of the includeonce statement on the parameter allowing remote file inclusion. This makes it possible for unauthenticated attackers to execute code on the server...
CVE-2023-3452
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wpabspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allowurlinclude is enabled. Local File...
Remote file inclusion
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wpabspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allowurlinclude is enabled. Local File...
CVE-2023-3452 Canto <= 3.0.4 - Unauthenticated Remote File Inclusion
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wpabspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allowurlinclude is enabled. Local File...
CVE-2023-3452
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wpabspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allowurlinclude is enabled. Local File...
CVE-2023-3452
The CVE-2023-3452 entry concerns the WordPress Canto plugin (versions up to and including 3.0.4). The root cause is improper handling of the wp_abspath parameter, enabling Remote File Inclusion (RFI); if allow_url_include is enabled, an unauthenticated attacker can include and execute remote code...
WordPress plugin Canto security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress Canto Plugin <= 3.0.4 is vulnerable to Remote File Inclusion
Software Canto Type Plugin Vulnerable versions = 3.0.4 Fixed in 3.0.5 OWASP Top 10 A1: Injection Classification Remote File Inclusion CVE CVE-2023-3452 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID aabfee448799 Credits Marco Wotschka Required privilege Unauthenticated...
WordPress Canto Plugin Server-Side Request Forgery (CVE-2020-28976; CVE-2020-28977; CVE-2020-28978)
A sever-side request forgery vulnerability exists in WordPress Canto Plugin. The vulnerability is due to a lack of validation on the subdomain parameter in HTTP requests. Successful exploitation of this vulnerability could allow an unauthenticated attacker to make a request to any internal and...
WordPress Canto 1.3.0 Server-Side Request Forgery
Exploit Title: Wordpress Plugin Canto 1.3.0 - Blind SSRF Unauthenticated Date: 03/12/2020 Exploit Author: Pankaj Verma p4nk4j Vendor Homepage: https://www.canto.com/integrations/wordpress/ Software Link: https://github.com/CantoDAM/Canto-Wordpress-Plugin Version: 1.3.0 Tested on: Ubuntu 18.04 CVE...
WordPress Canto plugin server-side request forgery vulnerability (CNVD-2020-68545)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A server-side request forgery vulnerability exists in WordPress Canto plugin 1.3.0. An attacker can...
WordPress Canto plugin <= 1.7.0 - Unauthenticated Blind Server-Side Request Forgery (SSRF) vulnerability
Unauthenticated Blind Server-Side Request Forgery SSRF vulnerability found by Pankaj Verma p4nk4jv in WordPress Canto plugin versions = 1.7.0. Solution 2020-12-01 - we were unable to find a patched version of this plugin...
WordPress Canto plugin server-side request forgery vulnerability (CNVD-2020-68546)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A server-side request forgery vulnerability exists in WordPress Canto plugin 1.3.0. An attacker can...
WordPress Canto plugin server-side request forgery vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A server-side request forgery vulnerability exists in WordPress Canto plugin 1.3.0. An attacker can...
CVE-2020-28976
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF...
CVE-2020-28977
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/get.php?subdomain=SSRF...
CVE-2020-28978
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF...
CVE-2020-28976
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF...
CVE-2020-28977
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/get.php?subdomain=SSRF...