Vulnerabilities

CVE-2019-14280

by Fred · 25/07/2019

In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn’t stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.

Date published : 2019-07-25

http://packetstormsecurity.com/files/154276/Craft-CMS-2.7.9-3.2.5-Information-Disclosure.html

https://github.com/craftcms/cms/blob/develop-v2/CHANGELOG-v2.md#2710—2019-07-24

Similar

Tags: Cybersecurity Alert