PT-2026-40942 · Givanz+1 · Vvveb
Basant Kumar
+1
·
Published
2026-05-14
·
Updated
2026-05-14
·
CVE-2026-41933
CVSS v4.0
6.9
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Vvveb versions prior to 1.0.8.3
Description
An information disclosure issue allows unauthenticated attackers to enumerate files and directories. This occurs because multiple paths lack proper index directives in .htaccess files, which are configuration files used by Apache web servers to control directory-level settings. Attackers can access admin asset paths, plugins, themes, and media folders to view filenames, file sizes, modification timestamps, and unrendered admin templates that contain sensitive route maps.
Recommendations
Update Vvveb to version 1.0.8.3 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vvveb