Vulnerability in N/a

CVE-2021-41749

In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution.

EPSS: 0.858 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

References

github.com/nystudio107/craft-seomatic/blob/develop/CHANGELOG.md (x_refsource_MISC)
github.com/nystudio107/craft-seomatic/commit/3fee7d50147cdf3f999cfc1e04cbc3fb3d… (x_refsource_MISC)