7.2

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-20465

GHSA ID

GHSA-j7fx-v37j-v3w7

EPSS Score

0.70265%

CWE

CWE-311

Published

5/13/2022

Updated

4/25/2024

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-20465

CVE-2018-20465: Craft CMS Vulnerable to Server-Side Template Injection

Craft CMS through 3.0.34 allows remote authenticated administrators to read sensitive information via server-side template injection, as demonstrated by a {% string for craft.app.config.DB.user and craft.app.config.DB.password in the URI Format of the Site Settings, which causes a cleartext username and password to be displayed in a URI field.

(GitHub Advisory)

7.2

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-20465

GHSA ID

GHSA-j7fx-v37j-v3w7

EPSS Score

0.70265%

CWE

CWE-311

Published

5/13/2022

Updated

4/25/2024

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
craftcms/cms	composer	<= 3.0.34

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from unsanitized Twig template evaluation in the URI Format field. Craft CMS's View::renderString() is the primary Twig rendering function that would execute user-provided template code (like {% ... %} blocks). The Sites::saveSite() method is implicated because it processes the vulnerable URI Format input without neutralizing template syntax. The high confidence in View::renderString() comes from its direct role in template evaluation, while Sites::saveSite() has medium confidence due to inferred input handling without explicit code evidence.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*r**t *MS t*rou** *.*.** *llows r*mot* *ut**nti**t** **ministr*tors to r*** s*nsitiv* in*orm*tion vi* s*rv*r-si** t*mpl*t* inj**tion, *s **monstr*t** *y * `{%` strin* *or `*r**t.*pp.*on*i*.**.us*r` *n* `*r**t.*pp.*on*i*.**.p*sswor*` in t** URI *orm*t

Reasoning

T** vuln*r**ility st*ms *rom uns*nitiz** Twi* t*mpl*t* *v*lu*tion in t** URI *orm*t *i*l*. *r**t *MS's `Vi*w::r*n**rStrin*()` is t** prim*ry Twi* r*n**rin* *un*tion t**t woul* *x**ut* us*r-provi*** t*mpl*t* *o** (lik* {% ... %} *lo*ks). T** `Sit*s::s

7.2

Basic Information

Concerned about an active attack path?

CVE-2018-20465: Craft CMS Vulnerable to Server-Side Template Injection

7.2

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI