CVE-2018-14716 – nystudio107/craft-seomatic
Package
Manager: composer
Name: nystudio107/craft-seomatic
Vulnerable Version: >=0 <3.1.4
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.73346 (percentile: 0.98752)
Details
SEOmatic plugin for Craft CMS SSTI Vulnerability
A Server-Side Template Injection (SSTI) vulnerability was discovered in the SEOmatic plugin for Craft CMS before 3.1.4. Requests that don't match any elements incorrectly generate the canonicalUrl, which can lead to execution of Twig code.
Metadata
Created: 2022-05-13T01:19:08Z
Modified: 2023-10-06T01:13:01Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6j9m-rp7m-3gfg/GHSA-6j9m-rp7m-3gfg.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-6j9m-rp7m-3gfg
Finding: F422
Auto approve: 1