CVE-2023-3452: WordPress Canto Plugin <= 3.0.4 - File Inclusion
Vulnerability description
The Canto plugin for WordPress, up to and including version 3.0.4, contains a remote file inclusion vulnerability via the 'wp_abspath' parameter. It lets unauthenticated attackers include and execute arbitrary remote code, but exploitation requires the PHP setting allow_url_include to be enabled. [Publicly disclosed]

Nuclei template as shown on the page (the classification block is truncated on the page and is left as-is):

```yaml
id: CVE-2023-3452

info:
  name: WordPress Canto Plugin <= 3.0.4 - File Inclusion
  author: omarkurt
  severity: critical
  description: |
    Canto plugin for WordPress up to version 3.0.4 contains a remote file inclusion caused by the 'wp_abspath' parameter, letting unauthenticated attackers include and execute arbitrary remote code if allow_url_include is enabled, exploit requires allow_url_include to be enabled.
  impact: |
    Attackers can execute arbitrary remote code on the server, leading to full server compromise.
  remediation: |
    Update to the latest version of the Canto plugin, above 3.0.4, or disable allow_url_include in PHP configuration.
  reference:
    - https://www.exploit-db.com/exploits/51826
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/canto/canto-304-unauthenticated-remote-file-inclusion
    - https://nvd.nist.gov/vuln/detail/CVE-2023-3452
  classification:
    cvss-metrics: CVSS:3.1/AV:N/
```
Affected scope
Unknown
Remediation advice
None yet