CVE-2019-10675 – ** DISPUTED ** WordPress 5.1.1 allows remote authenticated authors to obtain sensitive inf …

CVE-2019-10675 – DISPUTED WordPress 5.1.1 allows remote authenticated authors to obtain sensitive inf …

31 March 2019

Vuln ID: CVE-2019-10675

Published: 2019-03-31 19:29:00Z

Description: ** DISPUTED ** WordPress 5.1.1 allows remote authenticated authors to obtain sensitive information via a modified PNG file to the wp-admin/media-new.php?browser-uploader Media Uploader feature, which reveals the full path in a wp-includes/functions.php exif_imagetype() error message, even when the "display_errors = Off" setting is used and wp_config.php has debugging disabled. NOTE: the vendor cannot reproduce this.

Source: NVD.NIST.GOV

Date:

31 March 2019

Categorie(s):

NVD

Tag(s):

NVD

Hyperbole, Misinformation, and CyberMonsters Under the Bed2 May 2024
StrongDM raises $34M to enhance zero-trust privileged access management2 May 2024
1Password launches Extended Access Management to secure unmanaged apps and devices2 May 2024
Edgio launches edge-enabled attack surface management to bolster continuous web application security2 May 2024
LayerX Security Raises $24M for its Browser Security Platform, Enabling Employees to Work Securely from Any Browser, Anywhere2 May 2024