Description

The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.

Remediation

References

CVE-2020-9757

Related Vulnerabilities

WordPress Plugin Zedna eBook download Directory Traversal (1.1)

WordPress Plugin TheCartPress eCommerce Shopping Cart Multiple Vulnerabilities (1.5.3.6)

WordPress Plugin WordPress Video Player Multiple SQL Injection Vulnerabilities (1.5.16)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1860)

Moodle Incorrect Authorization Vulnerability (CVE-2021-40692)

Severity

High

Classification

CVE-2020-9757 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities