Published: 06/08/2018 Updated: 24/08/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

A Server Side Template Injection (SSTI) exists in the SEOmatic plugin prior to 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nystudio107 seomatic

Check Point Reference: CPAI-2023-0976 Date Published: 15 Nov 2023 Severity: Critical ...

post Web ColdFusion RCE – CVE-2018-4939 nickbloorcouk/2018/06/18/another-coldfusion-rce-cve-2018-4939/ Exploitation of Server Side Template Injection with Craft CMS plugin SEOmatic <=313 [CVE-2018-14716] hackerinfo/exploitation-of-server-side-template-injection-with-craft-cms-plguin-seomatic/ SSL/TLS wwwwstspace/ssl-part1-ciphersuite

CWE-94 https://www.exploit-db.com/exploits/45108/https://twitter.com/nystudio107/status/1021855169515057152 https://twitter.com/nystudio107/status/1021847835418009605 https://github.com/nystudio107/craft-seomatic/releases/tag/3.1.4 https://github.com/nystudio107/craft-seomatic/commit/1e7d1d084ac3a89e7ec70620f2749110508d1ce1 http://ha.cker.info/exploitation-of-server-side-template-injection-with-craft-cms-plguin-seomatic/https://nvd.nist.gov https://github.com/Ginove/post https://advisories.checkpoint.com/defense/advisories/public/2023/cpai-2023-0976.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-14716

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect