CVE-2018-14716

Published: Aug 6, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

45108

exploit

x_refsource_EXPLOIT-DB

https://github.com/nystudio107/craft-seomatic/releases/tag/3.1.4

x_refsource_CONFIRM

https://twitter.com/nystudio107/status/1021855169515057152

x_refsource_CONFIRM

http://ha.cker.info/exploitation-of-server-side-template-injection-with-craft-cms-plguin-seomatic/

x_refsource_MISC

https://twitter.com/nystudio107/status/1021847835418009605

x_refsource_CONFIRM

https://github.com/nystudio107/craft-seomatic/commit/1e7d1d084ac3a89e7ec70620f2749110508d1ce1

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-14716

Description

Affected Products

References