CVE-2020-26220
published 2020-11-11

Priority: P4, 13, low, 3.5 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:R / S:U / C:L / I:N / A:N
EPSS: 0.74% (50.1th percentile)
touchbase.ai before version 2.0 leaks information by not stripping EXIF data from images. Anyone with access to another user's uploaded image could obtain its geolocation, device, and software version data, etc. (if present). The issue is fixed in version 2.0.

Affected

2 ranges
Vendor                 Product        Version range   Fixed in
puncsky                touchbase.ai   < 2.0           2.0
touchbase.ai_project   touchbase.ai   < 2.0           2.0

CVSS provenance

nvd   v3.1   3.5   LOW   CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
nvd   v2.0   3.5   LOW   AV:N/AC:M/Au:S/C:P/I:N/A:N