Lucene search
MitreCVELIST:CVE-2018-20465HistoryDec 25, 2018 - 11:00 p.m.
CVE-2018-20465
2018-12-2523:00:00
mitre
www.cve.org
Craft CMS through 3.0.34 allows remote authenticated administrators to read sensitive information via server-side template injection, as demonstrated by a {% string for craft.app.config.DB.user and craft.app.config.DB.password in the URI Format of the Site Settings, which causes a cleartext username and password to be displayed in a URI field.
Related
osv
osv
Craft CMS Vulnerable to Server-Side Template Injection
2022-05-13 01:51:05
CVE-2018-20465
2018-12-25 23:29:00
nvd
nvd
CVE-2018-20465
2018-12-25 23:29:00
cve
cve
CVE-2018-20465
2018-12-25 23:29:00
veracode
veracode
Privilege Escalation
2018-12-26 06:27:10
prion
prion
Design/Logic Flaw
2018-12-25 23:29:00
github
github
Craft CMS Vulnerable to Server-Side Template Injection
2022-05-13 01:51:05