4 matches found
CVE-2019-14280
In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public...
Craft CMS 2.7.93.2.5 - Information Disclosure
Craft CMS 2.7.93.2.5 - Information Disclosure Exploit Title : CraftCms Users information disclosure From uploaded File Author Discovered By : Mohammed Abdul Raheem Author's Company Name : TrekShield IT Solution Author Exploit-db : https://www.exploit-db.com/?author=9783 Found Vulnerability On :...
Craft CMS 2.7.9/3.2.5 - Information Disclosure
Exploit Title : CraftCms Users information disclosure From uploaded File Author Discovered By : Mohammed Abdul Raheem Author's Company Name : TrekShield IT Solution Author Exploit-db : https://www.exploit-db.com/?author=9783 Found Vulnerability On : 20-07-2019 Vendor Homepage:https://craftcms.com...
CVE-2019-14280
CVE-2019-14280 affects Craft CMS (versions prior to 2.7.10 and 3 prior to 3.2.6). The issue is an information disclosure where EXIF data is not stripped from user-uploaded images when configured to do so, potentially exposing personal/geolocation data. Red Hat and NVD entries reiterate the vulner...