EXIF Data Exposure Vulnerability in Craft CMS 2.x and 3.x
CVE-2019-14280 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.
Learn more about our User Device Pen Test.