CVE-2023-29850
Published 2023-04-14
Priority: P3 · 37 · high · 7.5 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.74% (50.0th percentile)
SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| facturascripts | facturascripts | 0 – 2025.81 | — |
| slims | senayan_library_management_system | — | — |
GHSA
FacturaScripts Vulnerable to Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download
ghsa·2026-05-07
CVE-2026-27892 [MEDIUM] CWE-200 FacturaScripts Vulnerable to Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download
## Summary
**FacturaScripts** is an open-source ERP application. A **sensitive information disclosure vulnerability** was identified in the **Library** module's image upload and download pipeline. The application fails to strip EXIF and other embedded metadata from user-uploaded image files before storing them and serving them for download. As a result, any authenticated user who downloads an image from the Library can extract the original uploader's **GPS coordinates, device information, timestamps, embedded comments/notes, thumbnail previews, and other personally identifiable information (PII)** preserved in the image metadata.
This vulnerability carries significant real-worl
GHSA
GHSA-5jcc-wrcp-3mxc: SENAYAN Library Management System (SLiMS) Bulian v9
ghsa_unreviewed·2023-04-14
CVE-2023-29850 [HIGH] CWE-203 GHSA-5jcc-wrcp-3mxc: SENAYAN Library Management System (SLiMS) Bulian v9
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.