| Название | givanz Vvveb Vvveb 1.0.7.2 Exposure of Sensitive Information Through Metadata |
|---|
| Описание | Vvveb CMS fails to strip EXIF and other metadata from uploaded images, potentially exposing sensitive personal information. When users upload images containing metadata (such as GPS coordinates, camera details, timestamps, device information, or other PII), this information remains embedded and accessible to anyone who can download the images. The vulnerability affects all image upload functionality including product images, post/page media, profile pictures, and frontend assets. Attackers can extract this metadata from publicly accessible images to gather intelligence about users, their locations, devices, and other sensitive information that could be used for social engineering or targeted attacks. |
|---|
| Источник | ⚠️ https://gist.github.com/KhanMarshaI/9a1a5b72ff7a0a9d180ca77d26814bc7 |
|---|
| Пользователь | KhanMarshal (UID 89610) |
|---|
| Представление | 17.09.2025 12:13 (7 месяцы назад) |
|---|
| Модерация | 26.09.2025 10:24 (9 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 325966 [givanz Vvveb до 1.0.7.2 Image раскрытие информации] |
|---|
| Баллы | 20 |
|---|