Craft CMS up to and including 3.0.34 allows remote authenticated administrators to read sensitive information via server-side template injection, as demonstrated by a {% string for craft.app.config.DB.user and craft.app.config.DB.password in the URI Format of the Site Settings, which causes a cleartext username and password to be displayed in a URI field.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
craftcms craft cms |