Published: 26/07/2019 Updated: 02/09/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

In some circumstances, Craft 2 prior to 2.7.10 and 3 prior to 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.

Vulnerable Product	Search on Vulmon	Subscribe to Product
craftcms craft cms

# Exploit Title : CraftCms Users information disclosure From uploaded File # Author [Discovered By] : Mohammed Abdul Raheem # Author's [Company Name] : TrekShield IT Solution # Author [Exploit-db] : wwwexploit-dbcom/?author=9783 # Found Vulnerability On : 20-07-2019 # Vendor Homepage:craftcmscom/ # Software Information Link: http ...

Craft CMS versions 279 and 325 suffers from an information disclosure vulnerability ...

CWE-200 https://github.com/craftcms/cms/blob/develop-v2/CHANGELOG-v2.md#2710---2019-07-24 https://github.com/craftcms/cms/blob/develop/CHANGELOG-v3.md#326---2019-07-23 http://packetstormsecurity.com/files/154276/Craft-CMS-2.7.9-3.2.5-Information-Disclosure.html https://nvd.nist.gov https://www.exploit-db.com/exploits/47343

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-14280

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect