Description

Craft CMS through 3.0.34 allows remote authenticated administrators to read sensitive information via server-side template injection, as demonstrated by a {% string for craft.app.config.DB.user and craft.app.config.DB.password in the URI Format of the Site Settings, which causes a cleartext username and password to be displayed in a URI field.

Remediation

References

CVE-2018-20465

Related Vulnerabilities

Joomla Improper Input Validation Vulnerability (CVE-2016-8869)

MySQL CVE-2021-2010 Vulnerability (CVE-2021-2010)

PostgreSQL Out-of-bounds Write Vulnerability (CVE-2015-0242)

WordPress Plugin Broken Link Checker Cross-Site Scripting (1.10.1)

WordPress Plugin JupiterX Core Multiple Vulnerabilities (2.0.6)

Severity

High

Classification

CVE-2018-20465 CWE-311 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities