CVE-2018-14716

high-risk
Published 2018-08-06

A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code.

Do I need to act?

!
60.6% chance of exploitation in next 30 days
EPSS score — higher than 39% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
45108
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Nystudio107

References (12)

Third Party Advisory http://ha.cker.info/exploitation-of-server-side-template-injection-with-craft-cm...
Vendor Advisory https://github.com/nystudio107/craft-seomatic/commit/1e7d1d084ac3a89e7ec70620f27...
Patch https://github.com/nystudio107/craft-seomatic/releases/tag/3.1.4
Vendor Advisory https://twitter.com/nystudio107/status/1021847835418009605
Vendor Advisory https://twitter.com/nystudio107/status/1021855169515057152
Exploit https://www.exploit-db.com/exploits/45108/
Third Party Advisory http://ha.cker.info/exploitation-of-server-side-template-injection-with-craft-cm...
Vendor Advisory https://github.com/nystudio107/craft-seomatic/commit/1e7d1d084ac3a89e7ec70620f27...
Patch https://github.com/nystudio107/craft-seomatic/releases/tag/3.1.4
Vendor Advisory https://twitter.com/nystudio107/status/1021847835418009605
Vendor Advisory https://twitter.com/nystudio107/status/1021855169515057152
Exploit https://www.exploit-db.com/exploits/45108/
50
/ 100
high-risk
Severity 26/34 · High
Exploitability 19/34 · Moderate
Exposure 5/34 · Minimal