CVE-2021-41749

Severity CVSS v4.0:
Pending analysis
Type:
CWE-94 Code Injection
Publication date:
12/06/2022
Last modified:
17/06/2022

Description

In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:nystudio107:seomatic:*:*:*:*:*:craft_cms:*:* 3.4.11 (including)