152 matches found
CVE-2023-3452
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wpabspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allowurlinclude is enabled. Local File...
Remote file inclusion
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wpabspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allowurlinclude is enabled. Local File...
CVE-2023-3452
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wpabspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allowurlinclude is enabled. Local File...
CVE-2023-3452
The CVE-2023-3452 entry concerns the WordPress Canto plugin (versions up to and including 3.0.4). The root cause is improper handling of the wp_abspath parameter, enabling Remote File Inclusion (RFI); if allow_url_include is enabled, an unauthenticated attacker can include and execute remote code...
CVE-2023-3452 Canto <= 3.0.4 - Unauthenticated Remote File Inclusion
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wpabspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allowurlinclude is enabled. Local File...
WordPress plugin Canto security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2023-24910
Name of the Vulnerable Software and Affected Versions Canto plugin for WordPress versions up to, and including, 3.0.4 Description The Canto plugin for WordPress is vulnerable to Remote File Inclusion via the wp abspath parameter. This allows unauthenticated attackers to include and execute...
User don't have to deposit for a week into the market to get his weekly reward from the LendingLedger
Lines of code Vulnerability details Impact In the LendingLedger contract, a user is rewarded with CANTO tokens depending on how long he has his deposit in the market. Rewards are distributed for each week during which the deposit was inside the market. However, the user can cheat this condition...
LendingLedger Lack of method to rescue accidentally sent Canto
Lines of code Vulnerability details Impact There is no function to rescue Canto accidentally sent to LendingLedger so if governance fat-finger those Canto could be lost forever. Proof of Concept There is no function to transfer native token out of LendingLedger Tools Used Manual inspection...
LendingLedger.sol sends ETH instead of CANTO
Lines of code Vulnerability details Impact In the documentations for the contest it is clearly stated that LendingLedger contract is expected to send CANTO to the user when they call the claim function but in reality it transfers ETH. This could be problematic if the user is a contract that expec...
WordPress Canto Plugin <= 3.0.4 is vulnerable to Remote File Inclusion
Software Canto Type Plugin Vulnerable versions = 3.0.4 Fixed in 3.0.5 OWASP Top 10 A1: Injection Classification Remote File Inclusion CVE CVE-2023-3452 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID aabfee448799 Credits Marco Wotschka Required privilege Unauthenticated...
User with canto balance under the treshold will receive 4 canto for every transaction wich will be included in a block
Lines of code Vulnerability details Impact User, who decided to send several different tokens in the canto network at the same time and who has canto balance under the threshold, will receive 4 canto for every transaction which satisfies other onboarding conditions token type, tokens amount, in...
There is no deadline for swaps
Lines of code Vulnerability details Impact If the receiver that is specified in the IBC callback doesn't have enough tokens for interacting with the Canto network defaults at 4 CANTO, then the middleware is going to swap the tokens for some CANTO tokens on the Canto network and convert the rest t...
The validation of the source channel is performed incorrectly
Lines of code Vulnerability details Impact There is a potential risk of unauthorized sources sending assets to the Canto Network and automatically swapping transferred tokens for Canto tokens. Proof of Concept When bootstrapping Canto Network, node operators config channel ID for the onboarding...
The Swap action will always fail if the value of the deposited IBC asset is less than the value of autoSwapThreshold Canto
Lines of code Vulnerability details Impact The Swap action will always fail if the value of the deposited IBC asset the value of autoSwapThreshold Canto. This is not a bug, but it's very inconvenient for users and makes the goal of the onboarding module fail. Let's asssume that: 1 Canto = 0.1 USD...
Almost all of the github.com/cosmos/cosmos-sdk/types will be deprecated
Lines of code Vulnerability details Impact Codes in the scope won't work if the would be updated. Proof of Concept It is clearly seen that in the it is fixed version of v0.45.9. However, in next version of cosmos-sdk all of the Int methods will be deprecated. Almost all of the code in the scope i...
Users potentially cannot have Canto token swapped automatically when bridging assets to the Canto Network
Lines of code Vulnerability details Impact If the field AutoSwapThreshold is set to zero value, the logic that compares standardCoinBalance to the autoSwapThreshold always evaluates to false so there isn't any swap operation from bridged asset to Canto token for users. Therefore, the purpose of t...
Default coin spend limit was set wrong for ETH
Lines of code Vulnerability details Impact It is stated in the README that some spend limit are configured for the swaps. This is a security precaution to avoid spending too much tokens for the default 4 CANTO tokens in order to onboard the users if their balance is less than 4 tokens. As a...
Canto pool could be drained.
Lines of code Vulnerability details Impact It was written that there a limit for 10 USDC /10 USDT /0.01 ETH, which currently equals to 10 USDT/ 10 USDC/ 18 USDT almost. These limits are for 4 Canto. Which means code accepts the Canto price at max: 2,5 USDC or equavalent. It is also written in the...
No access control in mint function
Lines of code Vulnerability details Impact Canto Bio Protocol: Should allow the association of a single biography to an identity address The mint function does not have any access control mechanism in place, allowing anyone to mint multiple Bio NFTs. This could lead unwanted minting of bios. Tool...