CVE-2018-14716

HIGH

nystudio107 SEOmatic < 3.1.4 - Server-Side Template Injection via Canonical URL Generation


Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-14716. PoCs published by 0xB455.

AI-analyzed exploit summary: This exploit demonstrates a Server-Side Template Injection (SSTI) vulnerability in Craft CMS SEOmatic plugin 3.1.4. It leverages Twig template engine injection via the URI path, bypassing input filters by using the User-Agent header to extract sensitive configuration data like database passwords.

Description

A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code.

Exploits (2)

exploitdb WORKING POC
by 0xB455 · text · webapps · linux
https://www.exploit-db.com/exploits/45108

This exploit demonstrates a Server-Side Template Injection (SSTI) vulnerability in Craft CMS SEOmatic plugin 3.1.4. It leverages Twig template engine injection via the URI path, bypassing input filters by using the User-Agent header to extract sensitive configuration data like database passwords.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Craft CMS SEOmatic plugin 3.1.4
No auth needed
Prerequisites: Access to the target Craft CMS installation · SEOmatic plugin 3.1.4 installed
devstral-2 · analyzed Feb 16, 2026
nomisec WRITEUP 1 stars
by 0xB455 · poc
https://github.com/0xB455/CVE-2018-14716

This repository contains a README describing a Server-Side Template Injection (SSTI) vulnerability in the Craft CMS SEOmatic plugin version 3.1.4. The writeup provides details about the CVE, exploit author, and affected software but does not include actual exploit code.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: Craft CMS SEOmatic plugin 3.1.4
No auth needed
Prerequisites: Access to a vulnerable instance of Craft CMS with the SEOmatic plugin installed
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45108/
Patch, Vendor Advisory x_refsource_confirm
https://github.com/nystudio107/craft-seomatic/releases/tag/3.1.4

Scores

CVSS v3 7.5
EPSS 0.6061
EPSS Percentile 98.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE CWE-94
Status published
Products (2)
nystudio107/craft-seomatic 0 - 3.1.4 (Packagist)
nystudio107/seomatic < 3.1.4
Published Aug 06, 2018
Tracked Since Feb 18, 2026