GitHub Advisory DatabaseGHSA-23Q7-59JJ-2PJ4SEOmatic for CraftCMS allows Server-Side Template Injection
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.004 Low
EPSS
Percentile
74.4%
In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly sanitize the URL. This leads to Server-Side Template Injection and credentials disclosure via a crafted Twig template after a semicolon.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| nystudio107/craft-seomatic | lt | 3.2.49 |
References
github.com/advisories/GHSA-23q7-59jj-2pj4
github.com/nystudio107/craft-seomatic/blob/v3/CHANGELOG.md#3249---20200324
github.com/nystudio107/craft-seomatic/commit/82f4a25b28fd622393da6592dc9e5ccee7fc5be3
github.com/nystudio107/craft-seomatic/commit/82f4a25b28fd622393da6592dc9e5ccee7fc5be3#diff-52fd042c50432133a00a8f840f4a6165
github.com/nystudio107/craft-seomatic/releases/tag/3.2.49
isec.pl/en/vulnerabilities/isec-0028-seomatic-ssti-23032020.txt
nvd.nist.gov/vuln/detail/CVE-2020-12790
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.004 Low
EPSS
Percentile
74.4%