Submit #657181: givanz Vvveb Vvveb 1.0.7.2 Information Disclosureinfo

Titlegivanz Vvveb Vvveb 1.0.7.2 Information Disclosure
DescriptionA vulnerability in Vvveb CMS allows remote attackers to access sensitive configuration files and system information through direct HTTP requests. The default installation lacks proper access controls, enabling unauthorized retrieval of files including composer.json, docker-compose.yaml, php.ini, nginx configuration files, and build scripts. The docker-compose.yaml file contains database credentials (username: vvveb, password: vvveb) which could be reused for admin panel access or other services.
Source⚠️ https://gist.github.com/KhanMarshaI/14b48f974cbdaa3278a81a169e4caae1
User
 KhanMarshal (UID 89610)
Submission09/17/2025 12:07 (7 months ago)
Moderation09/26/2025 10:24 (9 days later)
StatusAccepted
VulDB entry325964 [givanz Vvveb up to 1.0.7.2 Configuration File information disclosure]
Points20

PreviousOverviewNext

Want to know what is going to be exploited?

We predict KEV entries!