CVE-2018-14716
A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code.
Affected products
n/a · n/a
Public PoCs found: 3
github: github.com/0xB455/CVE-2018-14716 (★ 1)
cve_reference: www.exploit-db.com/exploits/45108/ (unverified)
exploitdb: www.exploit-db.com/exploits/45108 (unverified)
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://ha.cker.info/exploitation-of-server-side-template-injection-with-craft-cms-plguin-seomatic/
https://github.com/nystudio107/craft-seomatic/commit/1e7d1d084ac3a89e7ec70620f2749110508d1ce1
https://github.com/nystudio107/craft-seomatic/releases/tag/3.1.4
https://twitter.com/nystudio107/status/1021847835418009605
https://twitter.com/nystudio107/status/1021855169515057152
https://www.exploit-db.com/exploits/45108/