CVE-2020-28976

EPSS 25.75%
Veröffentlicht 30.11.2020 14:15:11
Zuletzt bearbeitet 21.11.2024 05:23:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Canto <= 1.9.0 - Blind Server-Side Request Forgery via detail.php

The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.

Mögliche Gegenmaßnahme

Canto: Update to version 2.0.1, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Canto

Version *-1.9.0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Canto ≫ Canto Version1.3.0 SwPlatformwordpress

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	25.75%	0.96

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://github.com/CantoDAM/Canto-Wordpress-Plugin

Product

https://wordpress.org/plugins/canto/#developers

Release Notes

https://www.canto.com/integrations/wordpress/

Product

http://packetstormsecurity.com/files/160358/WordPress-Canto-1.3.0-Server-Side-Request-Forgery.html

Third Party Advisory

VDB Entry

https://gist.github.com/p4nk4jv/87aebd999ce4b28063943480e95fd9e0

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/5781420d-b1e0-435f-8bf2-193cc7b095ed