CVE-2021-41749

Improper Control of Generation of Code ('Code Injection') in packagist/nystudio107/craft-seomatic

Identifiers

CVE-2021-41749

Package Slug

packagist/nystudio107/craft-seomatic

Vulnerability

Improper Control of Generation of Code ('Code Injection')

Description

In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution.

Affected Versions

All versions up to 3.4.11

Solution

Upgrade to version 3.4.12 or above.

Last Modified

2022-06-19

source