Craft CMS Missing Encryption of Sensitive Data Vulnerability - CVE-2018-20465
Craft CMS through 3.0.34 allows remote authenticated administrators to read sensitive information via server-side template injection as demonstrated by a string for craft.app.config.DB.user and craft.app.config.DB.password in the URI Format of the Site Settings which causes a cleartext username and password to be displayed in a URI field.