| Title | LearnHouse learnhouse 98dfad76aad70711a8113f6c1fdabfccf10509ca Exposure of Sensitive Information Through Metadata |
|---|
| Description | LearnHouse fails to sanitize EXIF metadata from user-uploaded images, exposing sensitive information including GPS coordinates, device details, camera information, and timestamps. When users upload profile pictures or course-related images captured from mobile devices, the platform stores and serves these files without stripping embedded metadata. Since LearnHouse courses can be publicly listed and indexed by search engines, any unauthorized actor can download these images and extract personal information using standard EXIF viewers. This poses significant privacy and safety risks, particularly for students, educators, and professionals using the platform. Attackers can determine users' home addresses, daily routines, and device information, enabling doxxing, stalking, or targeted harassment. The vulnerability affects all file upload endpoints and impacts the confidentiality of potentially thousands of users, including minors in educational settings. |
|---|
| Source | ⚠️ https://gist.github.com/KhanMarshaI/4a89e9d807094b6dd4a138bc5664e748 |
|---|
| User | KhanMarshal (UID 89610) |
|---|
| Submission | 10/13/2025 11:58 (6 months ago) |
|---|
| Moderation | 10/26/2025 17:08 (13 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 329947 [LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca Image information disclosure] |
|---|
| Points | 20 |
|---|