cvedb.io
CVE-2018-14716
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2018-08-06T20:29:01.490 · Last modified 2026-06-17T01:41:30.080

Summary

A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code.

Affected products

nystudio107 — seomatic

Does this affect you?

Add your gear to cvedb and we'll alert you only when nystudio107 ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.