CVEs-PoC/2018/CVE-2018-14716.md at dc3bd6cd71a486f862e7cf4da52fce4cfeb10e52

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-07 21:46:40 +02:00

Files

T

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code.

POC

Reference

http://ha.cker.info/exploitation-of-server-side-template-injection-with-craft-cms-plguin-seomatic/
https://www.exploit-db.com/exploits/45108/

Github

https://github.com/0xB455/CVE-2018-14716
https://github.com/ARPSyndicate/cvemon
https://github.com/Ginove/post

879 B Raw Blame History

CVE-2018-14716

Description

POC

Reference

Github

879 B

Raw Blame History