Russian Vulnerability Scanner Database

Back to List

CVE-2018-14716

Scores

EPSS

0.606medium60.6%
0%20%40%60%80%100%

Percentile: 60.6%

CVSS

7.5high3.x
0246810

CVSS Score: 7.5/10

All CVSS Scores

CVSS 3.x
7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS 2.0
5.0

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Description

A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don’t match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

nvd

CWEs

CWE-94

Exploits

Exploit ID: 45108

Source: exploitdb

URL: https://www.exploit-db.com/exploits/45108

Exploit ID: CVE-2018-14716

Source: github-poc

URL: https://github.com/0xB455/CVE-2018-14716

Vulnerable Software (1)

Type: Configuration

Vendor: *

Product: seomatic

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:nystudio107:seomatic:*:*:*:*:*:craft_cms:*:*",      "versionEndExcluding": "3.1.4",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

End of list