Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Craft CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2019-14280 - Vulnerability Database
Craft CMS

Craft CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2019-14280

Medium
Reference: CVE-2019-14280
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-14280
Title: Craft CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

In some circumstances Craft 2 before 2.7.10 and 3 before 3.2.6 wasn39t stripping EXIF data from user-uploaded images when it was configured to do so potentially exposing personal/geolocation data to the public.