Description
Craft CMS through 3.0.34 allows remote authenticated administrators to read sensitive information via server-side template injection, as demonstrated by a {% string for craft.app.config.DB.user and craft.app.config.DB.password in the URI Format of the Site Settings, which causes a cleartext username and password to be displayed in a URI field.
Remediation
References
Related Vulnerabilities
Jenkins Improper Authentication Vulnerability (CVE-2017-2604)
WordPress Other Vulnerability (CVE-2005-2108)
WordPress Plugin Delete Comments By Status Multiple Cross-Site Scripting Vulnerabilities (1.5.2)
WordPress Plugin WordPress Landing Pages Multiple Unspecified Vulnerabilities (1.7.8)
WordPress Plugin WP Meta and Date Remover Cross-Site Request Forgery (1.7.5)