Andrew Welch

3 exploits Active since Mar 2020
CVE-2020-9757 WRITEUP CRITICAL WRITEUP
Craftcms Craft Cms < 3.3.0 - Injection
The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.
CVSS 9.8
CVE-2021-41749 WRITEUP CRITICAL WRITEUP
Nystudio107 Seomatic < 3.4.11 - Code Injection
In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution.
CVSS 9.8
CVE-2021-41750 WRITEUP MEDIUM WRITEUP
Nystudio107 Seomatic < 3.4.11 - XSS
A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName parameter containing an arbitrary filename with the intended content-type to be rendered in the user's browser as the extension.
CVSS 6.1