CVE-2020-9757

CRITICAL EXPLOITED NUCLEI

Craftcms Craft Cms < 3.3.0 - Injection

Title source: rule

Description

The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.

Nuclei Templates (1)

Craft CMS < 3.3.0 - Server-Side Template Injection
CRITICALby dwisiswant0
Shodan: cpe:"cpe:2.3:a:craftcms:craft_cms" || http.html:craftcms || http.favicon.hash:-47932290
FOFA: icon_hash=-47932290 || body=craftcms

References (4)

Scores

CVSS v3 9.8
EPSS 0.9428
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-09-19
CWE
CWE-74
Status published
Products (2)
craftcms/craft_cms < 3.3.0
nystudio107/craft-seomatic 0 - 3.3.0Packagist
Published Mar 04, 2020
Tracked Since Feb 18, 2026