{"vulnerability": "CVE-2023-3452", "sightings": [{"uuid": "2d42b2db-cee7-4c8e-8615-8779054f7cd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3452", "type": "published-proof-of-concept", "source": "Telegram/iGW_5A0oZkZcyB-GkqlrOVgdjCeQTucngSvvwjWlsOYRomA", "content": "", "creation_timestamp": "2024-03-30T17:23:45.000000Z"}, {"uuid": "e1459dd3-5acf-4f1e-b950-2e97d15053e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3452", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mfpld7v5fb2w", "content": "", "creation_timestamp": "2026-02-25T21:02:30.562071Z"}, {"uuid": "8c40a66e-8261-4281-8520-4fac5b09095d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3452", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5930", "content": "GitHub monitoring alert!!! \n\nUpdated: RCE\nDescription: Wordpress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)\nURL: https://github.com/leoanggal1/CVE-2023-3452-PoC\n\nTags: #RCE", "creation_timestamp": "2023-11-23T18:51:42.000000Z"}, {"uuid": "541ef94b-9b24-4770-8320-11e6328e2c09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3452", "type": "seen", "source": "https://t.me/cibsecurity/68387", "content": "\u203c CVE-2023-3452 \u203c\n\nThe Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. 
This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allow_url_include is enabled. Local File Inclusion is also possible, albeit less useful because it requires that the attacker be able to upload a malicious php file via FTP or some other means into a directory readable by the web server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-12T07:17:07.000000Z"}, {"uuid": "786c2088-c1d7-40d8-8f6c-67f12a7c799d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3452", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2201", "content": "https://github.com/leoanggal1/CVE-2023-3452-PoC\n\nWordpress Plugin Canto < 3.0.5 - Remote File Inclusion (RFI) and Remote Code Execution (RCE)\n#github #poc", "creation_timestamp": "2024-03-29T05:06:09.000000Z"}, {"uuid": "a2733214-a5f7-405c-88f0-370096ede123", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3452", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/2096", "content": "#exploit\n1. CVE-2023-47444:\nAuthenticated Static Code Injections in OpenCart\nhttps://0xbro.red/disclosures/disclosed-vulnerabilities/opencart-cve-2023-47444\n\n2. CVE-2022-41853:\nUsing static functions to obtain RCE via Java Deserialization & Remote Codebase Attack\nhttps://github.com/mbadanoiu/CVE-2022-41853\n\n3. 
CVE-2023-3452:\nWordpress Plugin Canto < 3.0.5 - RFI/RCE Unauthenticated\nhttps://github.com/leoanggal1/CVE-2023-3452-PoC", "creation_timestamp": "2024-08-16T08:52:58.000000Z"}, {"uuid": "9a6f4aa6-cddf-4466-a5a0-db333cfec6e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3452", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9459", "content": "#exploit\n1. CVE-2023-47444:\nAuthenticated Static Code Injections in OpenCart\nhttps://0xbro.red/disclosures/disclosed-vulnerabilities/opencart-cve-2023-47444\n\n2. CVE-2022-41853:\nUsing static functions to obtain RCE via Java Deserialization & Remote Codebase Attack\nhttps://github.com/mbadanoiu/CVE-2022-41853\n\n3. CVE-2023-3452:\nWordpress Plugin Canto < 3.0.5 - RFI/RCE Unauthenticated\nhttps://github.com/leoanggal1/CVE-2023-3452-PoC", "creation_timestamp": "2023-11-25T12:25:42.000000Z"}]}