Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
canto canto vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-25096
Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto allows Code Injection.This issue affects Canto: from n/a up to and including 3.0.7.
NA
CVE-2023-3452
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. This allows unauthenticated malicious users to include and execute arbitrary remote code on the server, provided that allow_url_...
Canto Canto
2 Github repositories
NA
CVE-2022-40305
A Server-Side Request Forgery issue in Canto Cumulus up to and including 11.1.3 allows malicious users to enumerate the internal network, overload network resources, and possibly have unspecified other impact via the server parameter to the /cwc/login login form.
Canto Canto
5
CVSSv2
CVE-2020-28978
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF.
Canto Canto 1.3.0
1 EDB exploit
5
CVSSv2
CVE-2020-28976
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.
Canto Canto 1.3.0
1 EDB exploit
5
CVSSv2
CVE-2020-28977
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/get.php?subdomain=SSRF.
Canto Canto 1.3.0
1 EDB exploit
5
CVSSv2
CVE-2020-24063
The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF.
Canto Canto 1.3.0
7.5
CVSSv2
CVE-2013-7416
canto_curses/guibase.py in Canto Curses prior to 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed.
Canto Canto Curses
Canto Canto Curses 0.9.0
Canto Canto Curses 0.8.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started