Description
In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.
Remediation
References
Related Vulnerabilities
WordPress Plugin Software License Manager Cross-Site Request Forgery (4.5.0)
MySQL CVE-2015-0499 Vulnerability (CVE-2015-0499)
Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3225)
WordPress Plugin JobBoardWP-Job Board Listings and Submissions Cross-Site Scripting (1.0.7)