mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-31 10:09:29 +02:00
0xMarcio
824 B
824 B
CVE-2019-14280
Description
In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.
POC
Reference
- http://packetstormsecurity.com/files/154276/Craft-CMS-2.7.9-3.2.5-Information-Disclosure.html
- http://packetstormsecurity.com/files/154276/Craft-CMS-2.7.9-3.2.5-Information-Disclosure.html
Github
No PoCs found on GitHub currently.