CVE-2023-29850

7.5 HIGH

📋 TL;DR

SENAYAN Library Management System (SLiMS) Bulian v9.5.2 fails to strip EXIF metadata from uploaded images, allowing attackers to extract sensitive information including user geolocation and device details. This affects all SLiMS Bulian v9.5.2 installations that accept image uploads. The vulnerability exposes user privacy through metadata leakage.

💻 Affected Systems

Products:
  • SENAYAN Library Management System (SLiMS) Bulian
Versions: v9.5.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations with image upload functionality enabled. Earlier versions may also be vulnerable if they share the same codebase.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could map user locations, identify specific devices, track user movements over time, and potentially correlate this with other user data in the library system.

🟠 Likely Case

Attackers harvest geolocation data from uploaded images to build profiles of library users and their habits.

🟢 If Mitigated

With proper controls, only limited metadata exposure occurs, but user privacy remains at risk if images contain sensitive location data.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires uploading images with EXIF data. Attackers can use standard image upload features. No authentication bypass needed if upload functionality is available to users.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v9.5.3 or later

Vendor Advisory: https://github.com/slims/slims9_bulian/issues/186

Restart Required: No

Instructions:

1. Back up your SLiMS installation and database.
2. Download the latest version from the official repository.
3. Replace the affected files with the patched versions.
4. Verify that image upload functionality still works correctly.

🔧 Temporary Workarounds

Disable image uploads (Platform: all)

Temporarily disable all image upload functionality in SLiMS to prevent exploitation. Modify the SLiMS configuration to remove image upload features, or restrict file uploads to administrators only.

Implement server-side EXIF stripping (Platform: linux)

Add server-side processing that strips EXIF data from uploaded images before they are stored. An image processing step using a tool such as ImageMagick can do this: 'convert input.jpg -strip output.jpg'

🧯 If You Can't Patch

  • Implement web application firewall rules to block or sanitize image uploads containing EXIF data.
  • Educate users to strip EXIF data from images before uploading using third-party tools.

🔍 How to Verify

Check if Vulnerable:

Upload a test image with EXIF metadata to SLiMS, then download it back and check if EXIF data remains intact using tools like exiftool.
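The server-side stripping workaround above and this verification step both come down to the same two operations: detect whether an uploaded JPEG still carries an APP1/Exif segment, and produce a copy without it. The following added Python script (example code, not part of SLiMS or of this advisory) does both with a plain JPEG marker walk and no dependency on ImageMagick or exiftool. The sample JPEG inside it is a constructed byte string with the right segment layout, not a decodable image; has_exif, strip_exif, strip_exif_file and make_sample_jpeg are names of my own.

```python
"""Detect and strip EXIF (APP1) segments from JPEG data with a marker walk.

Pure Python, no Pillow or ImageMagick needed. Added example; not SLiMS code.
"""
import struct

SOS = 0xDA          # start of scan: entropy-coded data follows, no more metadata
EOI = 0xD9          # end of image
APP1 = 0xE1         # application segment that carries EXIF (and XMP)
EXIF_HEADER = b"Exif\x00\x00"


def _segments(data: bytes):
    """Yield (marker, start, end) for each marker segment up to and including SOS.

    start/end delimit the whole segment: FF marker [2-byte length + payload].
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected 0xFF marker prefix at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                  # padding byte before a marker
            pos += 1
            continue
        if marker == EOI or 0xD0 <= marker <= 0xD7:
            yield marker, pos, pos + 2      # stand-alone markers have no length
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        yield marker, pos, end
        if marker == SOS:
            return                          # image data follows; stop parsing
        pos = end


def has_exif(data: bytes) -> bool:
    """True if an APP1 segment whose payload starts with the Exif header is present."""
    for marker, start, end in _segments(data):
        if marker == APP1 and data[start + 4:start + 4 + len(EXIF_HEADER)] == EXIF_HEADER:
            return True
    return False


def strip_exif(data: bytes) -> bytes:
    """Return a copy with every APP1 segment removed.

    All other segments (JFIF, ICC, quantization tables, ...) and the scan data
    after SOS are copied byte for byte, so the image itself is unchanged.
    """
    out = bytearray(b"\xff\xd8")
    last = 2
    for marker, start, end in _segments(data):
        if marker != APP1:
            out += data[start:end]
        last = end
    out += data[last:]                      # entropy-coded data up to EOI
    return bytes(out)


def strip_exif_file(src_path: str, dst_path: str) -> bool:
    """Sanitize a file on disk (e.g. in an upload handler). Returns whether EXIF was present."""
    with open(src_path, "rb") as f:
        data = f.read()
    with open(dst_path, "wb") as f:
        f.write(strip_exif(data))
    return has_exif(data)


def make_sample_jpeg() -> bytes:
    """Constructed test input: SOI, JFIF APP0, an APP1 with a stub Exif payload,
    a DQT segment, a SOS header, a few bytes of fake scan data, then EOI.
    Only the segment layout matters to the stripper; it is not a real picture."""
    def seg(marker: int, payload: bytes) -> bytes:
        return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload
    app0 = seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    exif = seg(APP1, EXIF_HEADER + b"MM\x00\x2a\x00\x00\x00\x08" + b"\x00" * 8)
    dqt = seg(0xDB, b"\x00" + bytes(range(64)))
    sos = seg(SOS, b"\x01\x01\x00\x00\x3f\x00")
    return b"\xff\xd8" + app0 + exif + dqt + sos + b"\x12\x34\x56\x78" + b"\xff\xd9"


if __name__ == "__main__":
    sample = make_sample_jpeg()
    print("before strip: exif present =", has_exif(sample), "size =", len(sample))
    cleaned = strip_exif(sample)
    print("after strip:  exif present =", has_exif(cleaned), "size =", len(cleaned))
```

To confirm the fix on a live system, run has_exif over a file downloaded back from SLiMS after upload; to use it as a workaround, call strip_exif on the uploaded bytes before they are written to storage. Unlike ImageMagick's -strip, which also discards ICC color profiles and comment segments, this removes only APP1 (EXIF and XMP). It handles JPEG only; PNG and WebP keep metadata in their own container chunks and need a separate sanitizer.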

Check Version:

Check the SLiMS version in the system information panel or review the version.php file.

Verify Fix Applied:

After patching, repeat the vulnerability check above: images downloaded back from SLiMS should have all EXIF metadata removed.

📡 Detection & Monitoring

Log Indicators:

  • Unusual volume of image uploads from single IP addresses
  • Multiple image uploads in quick succession

Network Indicators:

  • HTTP POST requests to image upload endpoints with image files
  • Traffic patterns showing image uploads followed by immediate downloads

SIEM Query:

source="web_server" AND (uri_path="/upload" OR uri_path="/image") AND http_method="POST" AND content_type="image/*"
