CVE-2018-20465
Craft CMS 3.x up to version 3.0.34 is vulnerable to a Server-Side Template Injection (SSTI) that allows remote authenticated administrators to read sensitive configuration data. The flaw is demonstrated by injecting a template snippet that accesses craft.app.config.DB.user and craft.app.config.DB...