Description
Craft CMS through 3.0.34 allows remote authenticated administrators to read sensitive information via server-side template injection, as demonstrated by a {% string for craft.app.config.DB.user and craft.app.config.DB.password in the URI Format of the Site Settings, which causes a cleartext username and password to be displayed in a URI field.
Remediation
References
Related Vulnerabilities
OpenSSL Improper Certificate Validation Vulnerability (CVE-2023-0464)
Sqlite Use After Free Vulnerability (CVE-2021-20227)
WordPress Plugin Tinymce Thumbnail Gallery 'href' Parameter Information Disclosure (1.0.7)
Drupal Core 7.x Cross-Site Request Forgery (7.0 - 7.12)
Apache Tomcat Insufficient Verification of Data Authenticity Vulnerability (CVE-2017-7674)