| Title | givanz Vvveb Vvveb 1.0.7.2 Exposure of Sensitive Information Through Metadata |
|---|
| Description | Vvveb CMS fails to strip EXIF and other metadata from uploaded images, potentially exposing sensitive personal information. When users upload images containing metadata (such as GPS coordinates, camera details, timestamps, device information, or other PII), this information remains embedded and accessible to anyone who can download the images. The vulnerability affects all image upload functionality including product images, post/page media, profile pictures, and frontend assets. Attackers can extract this metadata from publicly accessible images to gather intelligence about users, their locations, devices, and other sensitive information that could be used for social engineering or targeted attacks. |
|---|
| Source | ⚠️ https://gist.github.com/KhanMarshaI/9a1a5b72ff7a0a9d180ca77d26814bc7 |
|---|
| User | KhanMarshal (UID 89610) |
|---|
| Submission | 09/17/2025 12:13 (7 months ago) |
|---|
| Moderation | 09/26/2025 10:24 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 325966 [givanz Vvveb up to 1.0.7.2 Image information disclosure] |
|---|
| Points | 20 |
|---|