EXIF Data Exposure Vulnerability in Craft CMS 2.x and 3.x

EXIF Data Exposure Vulnerability in Craft CMS 2.x and 3.x

CVE-2019-14280 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.

Learn more about our User Device Pen Test.