CVE-2022-0724

EPSS 0.46%

Insecure Storage of Sensitive Information in Microweber

Published: 2/24/2022Modified: 12/5/2024

Description

Microweber prior to version 1.3 does not strip images of EXIF data, exposing information about users' locations, device hardware, and device software.

Affected packages (1)

Packagist/microweber/microweberfrom 0, < 1.3

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-0724
PATCHhttps://github.com/microweber/microweber
WEBhttps://github.com/microweber/microweber/commit/b592c86d2b927c0cae5b73b87fb541f25e777aa3
WEBhttps://huntr.dev/bounties/0cdc4a29-dada-4264-b326-8b65b4f11062