Andrew Welch - Security Researcher - Exploit Intelligence Platform

CVE-2020-12790 WRITEUP HIGH WRITEUP

nystudio107 SEOmatic < 3.2.49 - Server-Side Template Injection via Twig Template

In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly sanitize the URL. This leads to Server-Side Template Injection and credentials disclosure via a crafted Twig template after a semicolon.

CVSS 7.5

View Code

CVE-2020-9757 WRITEUP CRITICAL WRITEUP

Craft CMS SEOmatic < 3.3.0 - Server-Side Template Injection via Metacontainers Controller

The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.

CVSS 9.8

View Code

CVE-2021-41750 WRITEUP MEDIUM WRITEUP

nystudio107 SEOmatic < 3.4.11 - Cross-Site Scripting via SEO File Link URL Parameter

A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName parameter containing an arbitrary filename with the intended content-type to be rendered in the user's browser as the extension.

CVSS 6.1

View Code

CVE-2020-9757 WRITEUP CRITICAL WRITEUP

Craft CMS SEOmatic < 3.3.0 - Server-Side Template Injection via Metacontainers Controller

The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.

CVSS 9.8

View Code

CVE-2021-41749 WRITEUP CRITICAL WRITEUP

nystudio107 SEOmatic < 3.4.11 - Unauthenticated Server-Side Template Injection

In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution.

CVSS 9.8

View Code

CVE-2021-41750 WRITEUP MEDIUM WRITEUP

nystudio107 SEOmatic < 3.4.11 - Cross-Site Scripting via SEO File Link URL Parameter

A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName parameter containing an arbitrary filename with the intended content-type to be rendered in the user's browser as the extension.

CVSS 6.1

View Code