CVE-2023-29850: EXIF Geolocation Data Not Stripped From Uploaded Images · Issue #186 · slims/slims9_bulian

SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip EXIF data from uploaded images. This allows attackers to obtain information such as the user’s geolocation and device information.

Describe the bug
When a user uploads an image in "SLiMS 9 Bulian official source code", the uploaded image’s EXIF geolocation data does not get stripped. As a result, anyone can get sensitive information about “SLiMS 9 Bulian official source code” users, like their geolocation and their device information, like device name, version, software and software version used, etc.

CMS Version:
v9.5.2

Affected URL:
http://127.0.0.1/bulian/admin/index.php?mod=membership

To Reproduce
Steps to reproduce the behavior:

  1. Go to GitHub (https://github.com/ianare/exif-samples/tree/master/jpg).
  2. There are a lot of images with different resolutions (i.e. 1280 * 720), and also with different sizes in MB.
    Log in to your admin panel, go to the membership menu and upload a photo in any member profile.
  3. See the path of the uploaded image (either right-click on the image and copy the image address, OR right-click, inspect the image, and the URL will appear in the inspector; edit it as HTML).
  4. Open it (https://www.verexif.com/en/index.php).
  5. See whether it is still showing EXIF data; if it is, then report it.

Proof Of Concept:
You can see the Proof of Concept. I’ve attached screenshots and video to confirm the vulnerability.

Desktop (please complete the following information):

  • OS: Windows 10
  • Browser: Google Chrome

Impact
This vulnerability is CRITICAL and impacts all the “SLiMS 9 Bulian official source code” customer base. This vulnerability violates the privacy of a User and shares sensitive information of the user who uploads an image on SLiMS 9 Bulian official.

Let me know if any further info is required.

Thanks & Regards
Rahad Chowdhury
Cyber Security Specialist
https://www.linkedin.com/in/rahadchowdhury
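
The check from step 5 and the missing server-side control, as an added example that is not part of the original issue or of the SLiMS code base: a standard-library Python sketch that reports whether a stored JPEG still carries an EXIF block with a GPS pointer, and that removes APP1/Exif segments while copying every other byte unchanged. The function names and the sample bytes are constructed for illustration; the sample is a minimal marker sequence, not a decodable picture.

```python
import struct

EXIF_HEADER = b"Exif\x00\x00"
GPS_IFD_TAG = 0x8825  # IFD0 tag that points at the GPS sub-directory

def segments(jpeg: bytes):
    """Yield (marker, start, end) for each header segment before the scan data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos + 1] != 0xDA:  # stop at SOS
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if jpeg[pos] != 0xFF or length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError(f"malformed segment at offset {pos}")
        yield jpeg[pos + 1], pos, pos + 2 + length
        pos += 2 + length

def exif_blocks(jpeg: bytes):
    """Return the TIFF payload of every APP1/Exif segment."""
    return [jpeg[s + 10:e] for m, s, e in segments(jpeg)
            if m == 0xE1 and jpeg[s + 4:s + 10] == EXIF_HEADER]

def has_gps(tiff: bytes) -> bool:
    """True if IFD0 of an EXIF TIFF block carries a GPS IFD pointer."""
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if order is None or len(tiff) < 10:
        return False
    (ifd0,) = struct.unpack(order + "I", tiff[4:8])
    (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2].ljust(2, b"\0"))
    entries = tiff[ifd0 + 2:ifd0 + 2 + 12 * count]
    return any(struct.unpack(order + "H", entries[i:i + 2])[0] == GPS_IFD_TAG
               for i in range(0, len(entries) - 11, 12))

def strip_exif(jpeg: bytes) -> bytes:
    """Drop APP1/Exif segments; every other byte is copied unchanged."""
    out, last = bytearray(jpeg[:2]), 2
    for marker, start, end in segments(jpeg):
        if not (marker == 0xE1 and jpeg[start + 4:start + 10] == EXIF_HEADER):
            out += jpeg[start:end]
        last = end
    return bytes(out) + jpeg[last:]

# Constructed sample: SOI, JFIF APP0, APP1/Exif with a GPS pointer, SOS, EOI.
TIFF = (b"II*\x00" + struct.pack("<IH", 8, 1)
        + struct.pack("<HHII", GPS_IFD_TAG, 4, 1, 26) + struct.pack("<IHI", 0, 0, 0))
APP1 = EXIF_HEADER + TIFF
SAMPLE = (b"\xff\xd8"
          + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
          + b"\xff\xe1" + struct.pack(">H", len(APP1) + 2) + APP1
          + b"\xff\xda\x00\x02\x00" + b"\xff\xd9")
```

Running `exif_blocks` and `has_gps` over the files in the upload directory gives the same answer as step 5 without sending member photos to a third-party site.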
