Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Canto Security Vulnerabilities

cve
cve

CVE-2013-7416

canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed.

7.8AI Score

0.005EPSS

2014-12-03 09:59 PM
22
cve
cve

CVE-2020-24063

The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF.

7.2CVSS

7AI Score

0.002EPSS

2020-11-10 09:15 PM
39
cve
cve

CVE-2020-28976

The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.

5.3CVSS

5.2AI Score

0.007EPSS

2020-11-30 02:15 PM
47
cve
cve

CVE-2020-28977

The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/get.php?subdomain=SSRF.

5.3CVSS

5.3AI Score

0.008EPSS

2020-11-30 02:15 PM
48
cve
cve

CVE-2020-28978

The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF.

5.3CVSS

5.3AI Score

0.008EPSS

2020-11-30 02:15 PM
45
cve
cve

CVE-2022-40305

A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 allows attackers to enumerate the internal network, overload network resources, and possibly have unspecified other impact via the server parameter to the /cwc/login login form.

9.8CVSS

9.8AI Score

0.003EPSS

2022-09-09 05:15 AM
35
5
cve
cve

CVE-2023-3452

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allow_url_include is enabled. Local File Incl...

9.8CVSS

9.7AI Score

0.002EPSS

2023-08-12 03:15 AM
38
cve
cve

CVE-2024-25096

Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto allows Code Injection.This issue affects Canto: from n/a through 3.0.7.

10CVSS

9.4AI Score

0.0004EPSS

2024-04-03 01:16 PM
52
cve
cve

CVE-2024-4936

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allow_url_include to be...

9.8CVSS

9.7AI Score

0.001EPSS

2024-06-14 05:15 AM
36