Server-Side Template Injection in Craft CMS Affects Web Applications
CVE-2018-20465
7.2HIGH
What is CVE-2018-20465?
Craft CMS version 3.0.34 is susceptible to a server-side template injection vulnerability that allows authenticated administrators to inadvertently expose sensitive information. By manipulating server-side templates, attackers can extract critical database credentials, including the database username and password, which are displayed in the URI of the application settings. This vulnerability underscores the importance of securing template rendering environments to prevent unauthorized data disclosure.