Pixel & Tonic · Craft CMS · CVE-2018-20465
**Name of the Vulnerable Software and Affected Versions**
Craft CMS versions 3.0.0 through 3.0.34
**Description**
The issue allows remote authenticated administrators to read sensitive information via server-side template injection. It can be demonstrated by entering a `{%` string that references `craft.app.config.DB.user` and `craft.app.config.DB.password` in the URI Format of the Site Settings. As a result, the username and password are displayed in cleartext in a URI field.
**Recommendations**
For Craft CMS versions 3.0.0 through 3.0.34, consider updating to a version that contains a fix for this issue, as no specific mitigation measures are provided for these versions.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
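An added example, not part of the advisory and not Craft CMS code: a Python audit that scans URI Format values for Twig segments referencing `craft.app.config`, the pattern described above, and marks any other `craft.app` reference for manual review, which goes slightly beyond the advisory's case. The `(handle, URI Format)` records are constructed sample data, and how they are exported from an installation is an assumption left to the reader.

```python
import re

# A Twig output ({{ ... }}) or tag ({% ... %}) segment. The closing delimiter
# is optional so that an unterminated tag is still inspected.
TWIG_SEGMENT = re.compile(r"\{\{(.*?)(?:\}\}|$)|\{%(.*?)(?:%\}|$)", re.S)
# The reference named in the advisory: craft.app.config (case-insensitive).
CONFIG_REF = re.compile(r"\bcraft\s*\.\s*app\s*\.\s*config\b", re.I)
# Any other reach into the application object, reported for manual review.
APP_REF = re.compile(r"\bcraft\s*\.\s*app\b", re.I)

# Constructed sample records (hypothetical handles): (handle, URI Format value).
SAMPLE = [
    ("news", "news/{slug}"),
    ("archive", "{{ object.postDate|date('Y') }}/{slug}"),
    ("blog", "blog/{% set u = craft.app.config.DB.user %}{slug}"),
    ("docs", "docs/{% set p = craft.app.config.DB.password"),  # unterminated tag
    ("shop", "shop/{{ craft.app.language }}"),
]


def audit_uri_formats(records):
    """Return (handle, severity, segment) for each Twig segment that reaches craft.app."""
    findings = []
    for handle, uri_format in records:
        for match in TWIG_SEGMENT.finditer(uri_format or ""):
            # Exactly one of the two groups participates in a match.
            body = match.group(1) if match.group(1) is not None else match.group(2)
            if CONFIG_REF.search(body):
                findings.append((handle, "high", match.group(0)))
            elif APP_REF.search(body):
                findings.append((handle, "review", match.group(0)))
    return findings


if __name__ == "__main__":
    for handle, severity, segment in audit_uri_formats(SAMPLE):
        print(f"{severity:6} {handle}: {segment}")
```

Ordinary URI formats such as `{slug}` or a date expression on `object` are not reported, so the output is limited to values an administrator should inspect.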