Nystudio107: >> Seomatic >> 3.1.13 Security Vulnerabilities
In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution.
CVSS Score
9.8
EPSS Score
0.856
Published
2022-06-12
In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly sanitize the URL. This leads to Server-Side Template Injection and credentials disclosure via a crafted Twig template after a semicolon.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-05-11