Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
canto canto vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-7416
canto_curses/guibase.py in Canto Curses prior to 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed.
Canto Canto Curses 0.9.0
Canto Canto Curses 0.8.4
Canto Canto Curses
9.8
CVSSv3
CVE-2023-3452
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. This allows unauthenticated malicious users to include and execute arbitrary remote code on the server, provided that allow_url_...
Canto Canto
2 Github repositories
9.8
CVSSv3
CVE-2022-40305
A Server-Side Request Forgery issue in Canto Cumulus up to and including 11.1.3 allows malicious users to enumerate the internal network, overload network resources, and possibly have unspecified other impact via the server parameter to the /cwc/login login form.
Canto Canto
7.2
CVSSv3
CVE-2020-24063
The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF.
Canto Canto 1.3.0
5.3
CVSSv3
CVE-2020-28976
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.
Canto Canto 1.3.0
1 EDB exploit
5.3
CVSSv3
CVE-2020-28978
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF.
Canto Canto 1.3.0
1 EDB exploit
5.3
CVSSv3
CVE-2020-28977
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/get.php?subdomain=SSRF.
Canto Canto 1.3.0
1 EDB exploit
NA
CVE-2024-25096
Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto allows Code Injection.This issue affects Canto: from n/a up to and including 3.0.7.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started