Description
Craft CMS through 3.0.34 allows a remote authenticated administrator to read sensitive information via server-side template injection (SSTI). The URI Format field in Site Settings is evaluated as a Twig template, so a {% string referencing craft.app.config.DB.user and craft.app.config.DB.password placed in that field causes the database username and password to be rendered in cleartext in a URI field. Because the attack requires an administrator account, the practical impact is that a compromised or malicious admin can recover database credentials that the control panel otherwise never displays.
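The following is an added audit check, not code from the Craft CMS project or from the advisory. It takes a constructed set of section settings (the field name uriFormat and the section handles are assumptions for illustration, not Craft's exact export format) and reports any Twig expression in a URI Format that reaches configuration objects such as craft.app.config, which is the pattern the description above exploits. Legitimate URI Formats only need entry fields (slug, parent.uri, level), so any reference to application config or the database from that field is worth alerting on.

```python
import re
from typing import Dict, List

# Twig delimiters: anything inside them is evaluated when the URI Format is rendered.
TWIG_TAG_RE = re.compile(r"\{\{.*?\}\}|\{%.*?%\}|\{#.*?#\}", re.S)

# Object paths a URI Format never needs. Reaching them from the field is the
# leak pattern in the advisory (craft.app.config.DB.user / .password).
# "attribute(" is included because Twig's attribute() function can reach the
# same objects indirectly without spelling out the dotted path.
SENSITIVE_PATHS = (
    "craft.app.config",
    "craft.app.db",
    "craft.app.getconfig",
    "attribute(",
    "getenv",
)


def scan_uri_format(uri_format: str) -> List[str]:
    """Return every Twig expression in uri_format that touches a sensitive object path.

    Comparison is case-insensitive because Twig resolves attributes through PHP
    methods, which are themselves case-insensitive (config.db == config.DB).
    """
    findings = []
    for match in TWIG_TAG_RE.finditer(uri_format):
        expr = match.group(0)
        lowered = expr.lower()
        if any(path in lowered for path in SENSITIVE_PATHS):
            findings.append(expr)
    return findings


def audit_sections(sections: Dict[str, Dict[str, str]]) -> Dict[str, List[str]]:
    """Map each section handle to the suspicious expressions in its URI Format.

    An empty list means the section's URI Format is clean.
    """
    return {
        handle: scan_uri_format(settings.get("uriFormat", ""))
        for handle, settings in sections.items()
    }


# Constructed sample: two ordinary sections and one whose URI Format has been
# tampered with in the way the advisory describes.
SAMPLE_SECTIONS = {
    "news": {"uriFormat": "news/{slug}"},
    "docs": {
        "uriFormat": "{% if level == 1 %}docs/{{ slug }}"
                     "{% else %}{{ parent.uri }}/{{ slug }}{% endif %}"
    },
    "tampered": {
        "uriFormat": "{{ craft.app.config.DB.user }}/{{ craft.app.config.DB.password }}"
    },
}


if __name__ == "__main__":
    for handle, hits in audit_sections(SAMPLE_SECTIONS).items():
        status = "SUSPICIOUS" if hits else "ok"
        print(f"{handle}: {status} {hits if hits else ''}")
```

Run it against an export of your section settings after any admin-account compromise: a hit in a URI Format is evidence that credentials have already been rendered into public URLs, so rotate the database password rather than only cleaning the field. Craft's single-brace shorthand ({slug}) is not flagged because it cannot reach the application object.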
Remediation
References