CVE-2020-12790

2020-05-1119:15:11

Google

osv.dev

7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.4%

JSON

In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly sanitize the URL. This leads to Server-Side Template Injection and credentials disclosure via a crafted Twig template after a semicolon.

CPENameOperatorVersion
craft-seomaticeq3.2.2
craft-seomaticeq3.0.7
craft-seomaticeq3.0.0-beta.14
craft-seomaticeq3.1.7
craft-seomaticeq3.2.35
craft-seomaticeq3.1.46
craft-seomaticeq3.0.14
craft-seomaticeq3.1.31
craft-seomaticeq3.1.4
craft-seomaticeq3.0.0-beta.2

Name	Operator	Version
craft-seomatic	eq	3.2.2
craft-seomatic	eq	3.0.7
craft-seomatic	eq	3.0.0-beta.14
craft-seomatic	eq	3.1.7
craft-seomatic	eq	3.2.35
craft-seomatic	eq	3.1.46
craft-seomatic	eq	3.0.14
craft-seomatic	eq	3.1.31
craft-seomatic	eq	3.1.4
craft-seomatic	eq	3.0.0-beta.2