Submit #657181: givanz Vvveb Vvveb 1.0.7.2 Information Disclosureinfo

Titelgivanz Vvveb Vvveb 1.0.7.2 Information Disclosure
BeschreibungA vulnerability in Vvveb CMS allows remote attackers to access sensitive configuration files and system information through direct HTTP requests. The default installation lacks proper access controls, enabling unauthorized retrieval of files including composer.json, docker-compose.yaml, php.ini, nginx configuration files, and build scripts. The docker-compose.yaml file contains database credentials (username: vvveb, password: vvveb) which could be reused for admin panel access or other services.
Quelle⚠️ https://gist.github.com/KhanMarshaI/14b48f974cbdaa3278a81a169e4caae1
Benutzer
 KhanMarshal (UID 89610)
Einreichung17.09.2025 12:07 (vor 7 Monaten)
Moderieren26.09.2025 10:24 (9 days later)
StatusAkzeptiert
VulDB Eintrag325964 [givanz Vvveb bis 1.0.7.2 Configuration File Information Disclosure]
Punkte20

ZurückÜbersichtWeiter

Might our Artificial Intelligence support you?

Check our Alexa App!