5 matches found
CVE-2018-14716
A Server Side Template Injection SSTI was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code...
CVE-2018-14716
A Server Side Template Injection SSTI was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code...
CVE-2018-14716
CVE-2018-14716 affects the SEOmatic plugin for Craft CMS (before 3.1.4). A Server Side Template Injection (SSTI) occurs because requests that don’t match any elements cause an incorrect canonicalUrl, enabling execution of Twig code. Documented exploits exist (exploit-db PoC) and public advisories...
CVE-2018-14716
creationtimestamp| type| source ---|---|--- 2018-07-31 13:56:42+00:00| published-proof-of-concept| https://t.me/antichat/1854 2018-07-31 15:30:30+00:00| published-proof-of-concept| https://t.me/canyoupwnme/4182...
Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection
Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection Exploit Title: Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection Date: 2018-07-20 Software Link: https://github.com/nystudio107/craft-seomatic Exploit Author: Sebastian Kriesten 0xB455 Contact:...