GHSA-g7xr-v82w-qggq

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-g7xr-v82w-qggq/GHSA-g7xr-v82w-qggq.json
Aliases
  • CVE-2021-41749
Published
2022-06-13T00:00:19Z
Modified
2022-06-20T22:35:33Z
Details

In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution.

References

Affected packages

Packagist / nystudio107/craft-seomatic

nystudio107/craft-seomatic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
3.4.11

Affected versions