What is CVE-2020-9757?

CVE-2020-9757 is a vulnerability in N/a. Published 2020-03-04.

Is CVE-2020-9757 known to be exploited?

10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-9757

The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.

EPSS: 0.943 (99.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
Elsfa7-110/kenzer-templates
HimmelAward/Goby_
NyxAzrael/Goby_
Z0fhack/Goby_
d4n-sec/d4n-sec.github.io
merlinepedra/nuclei-templates
merlinepedra25/nuclei-templates
sobinge/nuclei-templates

References

github.com/nystudio107/craft-seomatic/blob/v3/CHANGELOG.md (x_refsource_MISC)
github.com/giany/CVE/blob/master/CVE-2020-9757.txt (x_refsource_MISC)
github.com/nystudio107/craft-seomatic/commit/65ab659cb6c914c7ad671af1e417c0da24… (x_refsource_CONFIRM)
github.com/nystudio107/craft-seomatic/commit/a1c2cad7e126132d2442ec8ec8e9ab43df… (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-9757?: CVE-2020-9757 is a vulnerability in N/a. Published 2020-03-04.
Is CVE-2020-9757 known to be exploited?: 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.