nystudio107/craft-seomatic is vulnerable to server-side template injection. The vulnerability exists due to the lack of sanitization used for the url
parameter in the safeCanonicalUrl
function of Helper.php
, allowing an attacker to inject and execute malicious code.
CPE | Name | Operator | Version |
---|---|---|---|
nystudio107/craft-seomatic | le | 3.4.10 | |
nystudio107/craft-seomatic | le | 3.4.10 |