Submission #674148: LearnHouse learnhouse 98dfad76aad70711a8113f6c1fdabfccf10509ca Exposure of Sensitive Information Through Metadata

Title: LearnHouse learnhouse 98dfad76aad70711a8113f6c1fdabfccf10509ca Exposure of Sensitive Information Through Metadata
Description: LearnHouse fails to sanitize EXIF metadata from user-uploaded images, exposing sensitive information including GPS coordinates, device details, camera information, and timestamps. When users upload profile pictures or course-related images captured from mobile devices, the platform stores and serves these files without stripping embedded metadata. Since LearnHouse courses can be publicly listed and indexed by search engines, any unauthorized actor can download these images and extract personal information using standard EXIF viewers. This poses significant privacy and safety risks, particularly for students, educators, and professionals using the platform. Attackers can determine users' home addresses, daily routines, and device information, enabling doxxing, stalking, or targeted harassment. The vulnerability affects all file upload endpoints and impacts the confidentiality of potentially thousands of users, including minors in educational settings.
Source: https://gist.github.com/KhanMarshaI/4a89e9d807094b6dd4a138bc5664e748
User: KhanMarshal (UID 89610)
Submitted: October 13, 2025 11:58 (6 months ago)
Moderation: October 26, 2025 17:08 (13 days later)
Status: Accepted
VulDB entry: 329947 [LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca Image information disclosure]
Points: 20