Lucene search

WpvulndbWPVDB-ID:1595AF73-6F97-4BC9-9CB2-14A55DAAA2D4

HistoryFeb 14, 2024 - 12:00 a.m.

Canto < 3.0.7 - Unauthenticated RCE

2024-02-1400:00:00

wpscan.com

canto plugin

remote code execution

unauthenticated attackers

server security

file inclusion

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Description The plugin is vulnerable to Remote Code Execution via the ‘abspath’ parameter due to the use of the include_once statement on the parameter allowing remote file inclusion. This makes it possible for unauthenticated attackers to execute code on the server.

References

patchstack.com/database/vulnerability/canto/wordpress-canto-plugin-3-0-6-unauthenticated-remote-code-execution-rce-vulnerability

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for WPVDB-ID:1595AF73-6F97-4BC9-9CB2-14A55DAAA2D4