Vulnerability Details : CVE-2018-14716
Public exploit exists!
A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code.
Products affected by CVE-2018-14716
- cpe:2.3:a:nystudio107:seomatic:*:*:*:*:*:craft_cms:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-14716
4.01%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 92 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-14716
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2018-14716
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-14716
-
https://www.exploit-db.com/exploits/45108/
Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template InjectionExploit;Third Party Advisory;VDB Entry
-
https://github.com/nystudio107/craft-seomatic/releases/tag/3.1.4
Release Version 3.1.4 · nystudio107/craft-seomatic · GitHubPatch;Vendor Advisory
-
https://twitter.com/nystudio107/status/1021855169515057152
nystudio107 on Twitter: "The researcher in question was awesome, by the way. I'm glad he was responsible and disclosed it to me ahead of time! Here's my response to his article that he wrote up.… httpVendor Advisory
-
http://ha.cker.info/exploitation-of-server-side-template-injection-with-craft-cms-plguin-seomatic/
Exploitation of Server Side Template Injection with Craft CMS plugin SEOmatic | Can I Haz SecurityThird Party Advisory
-
https://twitter.com/nystudio107/status/1021847835418009605
nystudio107 on Twitter: "📣 PSA: If you're using SEOmatic for Craft CMS 3, I've been alerted to a potential security vulnerability that will be disclosed in the coming days It's a bit obtuse, but it wVendor Advisory
-
https://github.com/nystudio107/craft-seomatic/commit/1e7d1d084ac3a89e7ec70620f2749110508d1ce1
Changed the way requests that don't match any elements generate the `… · nystudio107/craft-seomatic@1e7d1d0 · GitHubVendor Advisory
Jump to