Description

Craft CMS through 3.0.34 allows remote authenticated administrators to read sensitive information via server-side template injection, as demonstrated by a {% string for craft.app.config.DB.user and craft.app.config.DB.password in the URI Format of the Site Settings, which causes a cleartext username and password to be displayed in a URI field.

Remediation

References

CVE-2018-20465

Related Vulnerabilities

Oracle Application Server Other Vulnerability (CVE-2006-3708)

MODX Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2016-10039)

WordPress Improper Input Validation Vulnerability (CVE-2013-2204)

WordPress Plugin Comment Extra Fields Multiple Cross-Site Scripting Vulnerabilities (1.7)

OpenSSL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-0737)

Severity

High

Classification

CVE-2018-20465 CWE-311 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities