3 matches found
CVE-2024-4936 Canto <= 3.0.8 - Unauthenticated Remote File Inclusion
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allowurlinclude to be...
CVE-2024-4936 Canto <= 3.0.8 - Unauthenticated Remote File Inclusion
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allowurlinclude to be...
WordPress Canto Plugin <= 3.0.8 is vulnerable to Local File Inclusion
Software Canto Type Plugin Vulnerable versions = 3.0.8 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-4936 Patch priority Low CVSS severity Low 9.8 Developer Claim ownership PSID becb06bae3de Credits Sushi Com Abacate Required privilege Unauthenticated...