2 matches found
Server-Side Template Injection
nystudio107/craft-seomatic is vulnerable to server-side template injection. The vulnerability exists due to the lack of sanitization used for the url parameter in the safeCanonicalUrl function of Helper.php, allowing an attacker to inject and execute malicious code...
Server-Side Template Injection (SSTI)
nystudio107/craft-seomatic is vulnerable to server-side template injection. Lack of validation and sanitization allows an attacker to inject and execute arbitrary template variables that can lead to code execution via malicious data to the metacontainers controller...