Craft CMS through 3.0.34 allows remote authenticated administrators to read sensitive information via server-side template injection, as demonstrated by a {% string for craft.app.config.DB.user and craft.app.config.DB.password in the URI Format of the Site Settings, which causes a cleartext username and password to be displayed in a URI field.
CPE | Name | Operator | Version |
---|---|---|---|
cms | eq | 2.6.2776 | |
cms | eq | 2.2.2604 | |
cms | eq | 1.4.0-alpha.2506 | |
cms | eq | 3.0.0-beta.19 | |
cms | eq | 0.9.2204 | |
cms | eq | 1.3.2473 | |
cms | eq | 1.0.2278 | |
cms | eq | 1.4.0-alpha.2503 | |
cms | eq | 2.3.0-alpha.2602 | |
cms | eq | 2.5.0-beta.2722 |