Description

The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.

Remediation

References

CVE-2020-9757

Related Vulnerabilities

WordPress Plugin Xorbin Analog Flash Clock Cross-Site Scripting (1.0)

Oracle Application Server Other Vulnerability (CVE-2004-2244)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-8447)

RubyGems Cryptographic Issues Vulnerability (CVE-2013-4287)

WordPress Plugin Social Connect Cross-Site Scripting (1.0.4)

Severity

High

Classification

CVE-2020-9757 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities