CVE-2021-44618

Server-side Template Injection in CraftCMS SEOmatic plugin by Nystudio107

Discovered by Jack Misiura on behalf of The Missing Link Security

Vulnerability Details

A Server-side Template Injection (SSTI) vulnerability in the CraftCMS Seomatic 3.4.11 and previous plugin by Nystudio107 allows injection of malicious server-side templates through manipulation of the request's host header. Successful exploitation of the issue may allow an unauthenticated attacker to execute arbitrary code on the web application's server.

Affected Versions

Discovered in 3.4.10

Fixed Versions

Fixed in 3.4.12

Latest News

5 Microsoft Power Platform Benefits That Will Transform Your Business

5 Key Takeaways from Early Adopters of Microsoft 365 Copilot

The Missing Link is recognised as Premier Service Delivery Partner by Netskope

See All News