** DISPUTED ** WordPress 5.1.1 allows remote authenticated authors to obtain sensitive information via a modified PNG file to the wp-admin/media-new.php?browser-uploader Media Uploader feature, which reveals the full path in a wp-includes/functions.php exif_imagetype() error message, even when the "display_errors = Off" setting is used and wp_config.php has debugging disabled. NOTE: the vendor cannot reproduce this.

Source: CVE-2019-10675

댓글 남기기

이메일은 공개되지 않습니다. 필수 입력창은 * 로 표시되어 있습니다

Time limit is exhausted. Please reload the CAPTCHA.