Description

Craft CMS through 3.0.34 allows remote authenticated administrators to read sensitive information via server-side template injection, as demonstrated by a {% string for craft.app.config.DB.user and craft.app.config.DB.password in the URI Format of the Site Settings, which causes a cleartext username and password to be displayed in a URI field.

Remediation

References

CVE-2018-20465

Related Vulnerabilities

Apache Tomcat CVE-2012-5568 Vulnerability (CVE-2012-5568)

Apache HTTP Server Resource Management Errors Vulnerability (CVE-2012-4557)

WordPress Plugin 5gig Concerts Unspecified Vulnerability (1.0)

Django Improper Input Validation Vulnerability (CVE-2014-0480)

WordPress Plugin Simple Fields Cross-Site Scripting (1.4.11)

Severity

High

Classification

CVE-2018-20465 CWE-311 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities