Server side template injection found in CraftCMS

It was discovered that Craft CMS is vulnerable to server-side template injection. An authenticated attacker can exploit this issue to compromise Craft CMS, for example by retrieving sensitive data from configuration files.

Full disclosure @Securify.nl