Primary

Context

Vvveb Directory Listing Information Disclosure Vulnerability

Vulnerability

A directory listing information disclosure vulnerability has been identified in Vvveb versions prior to 1.0.8.3. This vulnerability allows unauthenticated attackers to enumerate files and directories by accessing multiple paths that lack proper index directives in .htaccess files. Exploitation of this vulnerability enables access to directories such as admin asset paths, plugins, themes, and media folders, where attackers can view filenames, file sizes, modification timestamps, and unrendered admin templates containing sensitive route maps.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, including file names, sizes, modification dates, and unrendered admin templates with critical route maps.

Remediation

Users can update to Vvveb version 1.0.8.3 or later, where this vulnerability has been fixed.

Added: May 14, 2026, 3:34 PM

Updated: May 14, 2026, 3:34 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

8.1

remediation

0.0

relevance

8.3

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

8.1

remediation

0.0

relevance

8.3

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vvveb Directory Listing Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Vvveb

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating