Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2018-14716

Date: August 6, 2018

A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code.

Language: PHP

Severity Score

Related Resources (11)

https://github.com/nystudio107/craft-seomatic
https://www.exploit-db.com/exploits/45108
https://github.com/nystudio107/craft-seomatic/releases/tag/3.1.4
https://nvd.nist.gov/vuln/detail/CVE-2018-14716
http://ha.cker.info/exploitation-of-server-side-template-injection-with-craft-cms-plguin-seomatic/
https://twitter.com/nystudio107/status/1021847835418009605
https://github.com/nystudio107/craft-seomatic/commit/1e7d1d084ac3a89e7ec70620f2749110508d1ce1
https://twitter.com/nystudio107/status/1021855169515057152
https://www.exploit-db.com/exploits/45108/
http://ha.cker.info/exploitation-of-server-side-template-injection-with-craft-cms-plguin-seomatic
https://www.mend.io/vulnerability-database/CVE-2018-14716

Severity Score

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-74

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us