GitHub Advisory DatabaseGHSA-6J9M-RP7M-3GFGSEOmatic plugin for Craft CMS SSTI Vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
92.2%
A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don’t match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| nystudio107 | seomatic | * | cpe:2.3:a:nystudio107:seomatic:*:*:*:*:*:craft_cms:*:* |
References
ha.cker.info/exploitation-of-server-side-template-injection-with-craft-cms-plguin-seomatic/
github.com/advisories/GHSA-6j9m-rp7m-3gfg
github.com/nystudio107/craft-seomatic/commit/1e7d1d084ac3a89e7ec70620f2749110508d1ce1
github.com/nystudio107/craft-seomatic/releases/tag/3.1.4
nvd.nist.gov/vuln/detail/CVE-2018-14716
twitter.com/nystudio107/status/1021847835418009605
twitter.com/nystudio107/status/1021855169515057152
www.exploit-db.com/exploits/45108/
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
92.2%