| 제목 | givanz Vvveb Vvveb 1.0.7.2 Exposure of Sensitive Information Through Metadata |
|---|
| 설명 | Vvveb CMS fails to strip EXIF and other metadata from uploaded images, potentially exposing sensitive personal information. When users upload images containing metadata (such as GPS coordinates, camera details, timestamps, device information, or other PII), this information remains embedded and accessible to anyone who can download the images. The vulnerability affects all image upload functionality including product images, post/page media, profile pictures, and frontend assets. Attackers can extract this metadata from publicly accessible images to gather intelligence about users, their locations, devices, and other sensitive information that could be used for social engineering or targeted attacks. |
|---|
| 원천 | ⚠️ https://gist.github.com/KhanMarshaI/9a1a5b72ff7a0a9d180ca77d26814bc7 |
|---|
| 사용자 | KhanMarshal (UID 89610) |
|---|
| 제출 | 2025. 09. 17. PM 12:13 (7 개월 ago) |
|---|
| 모더레이션 | 2025. 09. 26. AM 10:24 (9 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 325966 [givanz Vvveb 까지 1.0.7.2 Image 정보 공개] |
|---|
| 포인트들 | 20 |
|---|