2 matches found
CVE-2021-41749
In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution...
CVE-2021-41749
The CVE-2021-41749 entry affects the SEOmatic plugin for Craft CMS 3 up to version 3.4.11. The Nuclei template documents an unauthenticated Server-Side Template Injection (SSTI) vulnerability that allows an attacker to execute arbitrary Twig templates and system commands via the X-Forwarded-Host ...