CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4936 – Canto <= 3.0.8 - Unauthenticated Remote File Inclusion
https://notcve.org/view.php?id=CVE-2024-4936
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. This required allow_url_include to be enabled on the target site in order to exploit. El complemento Canto para WordPress es vulnerable a la inclusión remota de archivos en todas las versiones hasta la 3.0.8 incluida a través del parámetro abspath. Esto hace posible que atacantes no autenticados incluyan archivos remotos en el servidor, lo que resulta en la ejecución de código. • https://plugins.trac.wordpress.org/browser/canto/trunk/includes/lib/sizes.php#L15 https://www.wordfence.com/threat-intel/vulnerabilities/id/95a68ae0-36da-499b-a09d-4c91db8aa338?source=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25096 – WordPress canto plugin <= 3.0.7 - Unauth. Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-25096
Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto allows Code Injection.This issue affects Canto: from n/a through 3.0.7. Vulnerabilidad de control inadecuado de generación de código ("inyección de código") en Canto Inc. Canto permite la inyección de código. Este problema afecta a Canto: desde n/a hasta 3.0.7. • https://patchstack.com/database/vulnerability/canto/wordpress-canto-plugin-3-0-6-unauthenticated-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3452 – Canto <= 3.0.4 - Unauthenticated Remote File Inclusion
https://notcve.org/view.php?id=CVE-2023-3452
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allow_url_include is enabled. Local File Inclusion is also possible, albeit less useful because it requires that the attacker be able to upload a malicious php file via FTP or some other means into a directory readable by the web server. WordPress Canto versions prior to 3.0.5 suffer from remote file inclusion and shell upload vulnerabilities. • https://github.com/leoanggal1/CVE-2023-3452-PoC https://plugins.trac.wordpress.org/browser/canto/trunk/includes/lib/tree.php?rev=2841358#L5 https://plugins.trac.wordpress.org/changeset/2951888/canto/trunk/includes/lib/tree.php https://www.wordfence.com/threat-intel/vulnerabilities/id/a76077c6-700a-4d21-a930-b0d6455d959c?source=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-40305
https://notcve.org/view.php?id=CVE-2022-40305
A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 allows attackers to enumerate the internal network, overload network resources, and possibly have unspecified other impact via the server parameter to the /cwc/login login form. Un problema de tipo Server-Side Request Forgery en Canto Cumulus versiones hasta 11.1.3, permite a atacantes enumerar la red interna, sobrecargar los recursos de la red y posiblemente tener otro impacto no especificado por medio del parámetro del servidor al formulario de inicio de sesión /cwc/login • https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-023.txt • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2020-28976 – Canto <= 1.9.0 - Blind Server-Side Request Forgery via detail.php
https://notcve.org/view.php?id=CVE-2020-28976
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF. El plugin Canto versión 1.3.0 para WordPress, contiene una vulnerabilidad de tipo SSRF ciega. Permite a un atacante no autenticado poder realizar una petición a cualquier servidor interno y externo por medio de /includes/lib/detail.php? • https://www.exploit-db.com/exploits/49189 http://packetstormsecurity.com/files/160358/WordPress-Canto-1.3.0-Server-Side-Request-Forgery.html https://gist.github.com/p4nk4jv/87aebd999ce4b28063943480e95fd9e0 https://github.com/CantoDAM/Canto-Wordpress-Plugin https://wordpress.org/plugins/canto/#developers https://www.canto.com/integrations/wordpress • CWE-918: Server-Side Request Forgery (SSRF) •