| 标题 | givanz Vvveb Vvveb 1.0.7.2 Exposure of Sensitive Information Through Metadata |
|---|
| 描述 | Vvveb CMS fails to strip EXIF and other metadata from uploaded images, potentially exposing sensitive personal information. When users upload images containing metadata (such as GPS coordinates, camera details, timestamps, device information, or other PII), this information remains embedded and accessible to anyone who can download the images. The vulnerability affects all image upload functionality including product images, post/page media, profile pictures, and frontend assets. Attackers can extract this metadata from publicly accessible images to gather intelligence about users, their locations, devices, and other sensitive information that could be used for social engineering or targeted attacks. |
|---|
| 来源 | ⚠️ https://gist.github.com/KhanMarshaI/9a1a5b72ff7a0a9d180ca77d26814bc7 |
|---|
| 用户 | KhanMarshal (UID 89610) |
|---|
| 提交 | 2025-09-17 12時13分 (7 月前) |
|---|
| 管理 | 2025-09-26 10時24分 (9 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 325966 [givanz Vvveb 直到 1.0.7.2 Image 信息公开] |
|---|
| 积分 | 20 |
|---|