13 matches found
CraftCMS SEOmatic - Server-Side Template Injection
In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution. id: CVE-2021-41749 info: name: CraftCMS SEOmatic - Server-Side Template Injection author: iamnoooob,ritikchaddha...
EUVD-2022-1466
Malicious code in bioql PyPI...
Server-Side Template Injection
nystudio107/craft-seomatic is vulnerable to server-side template injection. The vulnerability exists due to the lack of sanitization used for the url parameter in the safeCanonicalUrl function of Helper.php, allowing an attacker to inject and execute malicious code...
Nystudio107 Seomatic Code Injection Vulnerability
Nystudio107 Seomatic is a comprehensive, powerful and flexible turnkey SEO system from the USA. It facilitates the implementation of modern SEO best practices for Craft CMS 3. A security vulnerability exists in Nystudio107 Seomatic version 3.4.11 and prior versions, which can be exploited by an...
Server-side Template Injection in nystudio107/craft-seomatic
A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic prior to 3.4.12 in src/helpers/UrlHelper.php via the host header...
GHSA-M3XV-X3PH-MQ22 Server-side Template Injection in nystudio107/craft-seomatic
A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic prior to 3.4.12 in src/helpers/UrlHelper.php via the host header...
CVE-2021-44618
A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header...
CVE-2021-44618
A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header...
Design/Logic Flaw
A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header...
CVE-2021-44618
A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header...
CVE-2021-44618
SSTI in Nystudio107 Seomatic 3.4.12 (src/helpers/UrlHelper.php via Host header). CVSSv3.1: 9.8 (CRITICAL), network attack, no user interaction. Impact: confidentiality, integrity, availability HIGH. Exploitation details and fix version are not provided in connected documents; remediation steps no...
Server-Side Template Injection (SSTI)
nystudio107/craft-seomatic is vulnerable to server-side template injection. Lack of validation and sanitization allows an attacker to inject and execute arbitrary template variables that can lead to code execution via malicious data to the metacontainers controller...
Server Side Template Injection (SSTI)
nystudio107/seomatic is vulnerable to server side template injection (SSTI). The vulnerability is possible through sending requests that don't match any elements, leading to the generation of incorrect canonicalUrl, and execution of Twig code...