CVE-2020-12790
Published
CVSS v3
7.5
HIGH
CVSS v2
5
MEDIUM
Affected
1
PROJECT
Description
In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly sanitize the URL. This leads to Server-Side Template Injection and credentials disclosure via a crafted Twig template after a semicolon.
SEOmatic facilitates modern SEO best practices & implementation for Craft CMS 3. It is a turnkey SEO system that is comprehensive, powerful, and flexible.
GitHub