Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
canto canto vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2013-7416
canto_curses/guibase.py in Canto Curses prior to 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed.
Canto Canto Curses
Canto Canto Curses 0.9.0
Canto Canto Curses 0.8.4
NA
CVE-2022-40305
A Server-Side Request Forgery issue in Canto Cumulus up to and including 11.1.3 allows malicious users to enumerate the internal network, overload network resources, and possibly have unspecified other impact via the server parameter to the /cwc/login login form.
Canto Canto
NA
CVE-2023-3452
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. This allows unauthenticated malicious users to include and execute arbitrary remote code on the server, provided that allow_url_...
Canto Canto
2 Github repositories
5
CVSSv2
CVE-2020-28976
The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.
Canto Canto 1.3.0
1 EDB exploit
5
CVSSv2
CVE-2020-28977
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/get.php?subdomain=SSRF.
Canto Canto 1.3.0
1 EDB exploit
5
CVSSv2
CVE-2020-28978
The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF.
Canto Canto 1.3.0
1 EDB exploit
5
CVSSv2
CVE-2020-24063
The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF.
Canto Canto 1.3.0
NA
CVE-2024-25096
Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto allows Code Injection.This issue affects Canto: from n/a up to and including 3.0.7.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started