CVE-2020-28977

Canto <= 1.9.0 - Blind Server-Side Request Forgery via get.php

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/get.php?subdomain=SSRF.

El plugin Canto versión 1.3.0 para WordPress, contiene una vulnerabilidad de tipo SSRF ciega. Permite a un atacante no autenticado poder realizar una petición a cualquier servidor interno y externo por medio de /includes/lib/get.php?subdomain=SSRF

WordPress Canto plugin version 1.3.0 suffers from an unauthenticated server-side request forgery vulnerability.

*Credits: Pankaj Verma

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-03-12 CVE Published
2020-11-23 CVE Reserved
2020-12-04 First Exploit
2024-08-04 CVE Updated
2024-12-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-918: Server-Side Request Forgery (SSRF)

CAPEC

References (6)

URL	Tag	Source
http://packetstormsecurity.com/files/160358/WordPress-Canto-1.3.0-Server-Side-Request-Forgery.html	Third Party Advisory
https://gist.github.com/p4nk4jv/87aebd999ce4b28063943480e95fd9e0	Third Party Advisory
https://github.com/CantoDAM/Canto-Wordpress-Plugin	Product
https://wordpress.org/plugins/canto/#developers	Release Notes
https://www.canto.com/integrations/wordpress	Product

URL	Date	SRC
https://www.exploit-db.com/exploits/49189	2020-12-04

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Canto Search vendor "Canto"		Canto Search vendor "Canto" for product "Canto"				1.3.0 Search vendor "Canto" for product "Canto" and version "1.3.0"		wordpress		Affected