VWE-2018-4620
Return to current revision
Differences in Content
-
[template]Vulnerability
| cve=
| aka=
| severity=High
| difficulty=Easy
| description=Legal. Under some versions of PHP, a user may be able to successfully upload a JPG image containing XMP metadata that is not preserved in resized versions of the image.
| lite=no
| discover-date=July 18, 2018
| patch-date=July 18, 2018
| patches=4.0.23 Patch Level 1
4.0.22 Patch Level 3
4.0.21 Patch Level 4
4.0.20 Patch Level 7
4.0.19 Patch Level 10 -
+workaround=In the Wiki admin panel, go to Content > Attachments, and for all filetypes with a JPG-related mime-type, set "Is this an image type?" = No.
-
[/template]