CVE-2021-41749
packagist/nystudio107/craft-seomatic
Improper Control of Generation of Code ('Code Injection')
In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution.
All versions up to 3.4.11
Upgrade to version 3.4.12 or above.
2022-06-19
source |