Lucene search
Veracode Vulnerability DatabaseVERACODE:7251HistoryAug 07, 2018 - 8:13 a.m.
Server Side Template Injection (SSTI)
2018-08-0708:13:30
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
1
0.044 Low
EPSS
Percentile
92.4%
nystudio107/seomatic is vulnerable to server side template injection (SSTI). The vulnerability is possible through sending requests that don’t match any elements, leading to the generation of incorrect canonicalUrl , and execution of Twig code.
| CPE | Name | Operator | Version |
|---|---|---|---|
| nystudio107/craft-seomatic | le | 3.1.3 |
References
ha.cker.info/exploitation-of-server-side-template-injection-with-craft-cms-plguin-seomatic/
github.com/nystudio107/craft-seomatic/commit/1e7d1d084ac3a89e7ec70620f2749110508d1ce1
github.com/nystudio107/craft-seomatic/releases/tag/3.1.4
twitter.com/nystudio107/status/1021847835418009605
twitter.com/nystudio107/status/1021855169515057152
www.exploit-db.com/exploits/45108/
Related
exploitpack
exploitpack
Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection
2018-07-31 00:00:00
cve
cve
CVE-2018-14716
2018-08-06 20:29:01
nvd
nvd
CVE-2018-14716
2018-08-06 20:29:01
osv
osv
SEOmatic plugin for Craft CMS SSTI Vulnerability
2022-05-13 01:19:08
CVE-2018-14716
2018-08-06 20:29:01
prion
prion
Code injection
2018-08-06 20:29:00
cvelist
cvelist
CVE-2018-14716
2018-08-06 20:00:00
github
github
SEOmatic plugin for Craft CMS SSTI Vulnerability
2022-05-13 01:19:08
exploitdb
exploitdb
Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection
2018-07-31 00:00:00