| Title | code-projects Online Food Ordering System in PHP 1.0 Information Disclosure |
|---|
| Description | The Online Food Ordering System in PHP 1.0 contains a sensitive information disclosure vulnerability: a database backup file is stored inside a publicly accessible directory. The application keeps a database dump named localhost.sql in the /dbfood/ directory, and the web server serves it without any authentication or access restriction.
Because the dump sits inside the web root, any remote user can download it with a browser or an automated tool. A request to http://localhost/dbfood/localhost.sql returns the entire dump, revealing the internal database structure and the stored data.
The exposed SQL file may contain administrator accounts, user credentials, order details, food product records and other application data. An attacker can parse the dump to extract usernames, password values and other sensitive records and use them to reach the administrative panel, take over user accounts or stage further attacks against the application; the schema alone already tells an attacker which tables and columns exist.
The root cause is insecure handling of database backups combined with a permissive server configuration: the application stores the backup inside a web-served directory, and the server does not deny requests for .sql files. Keeping backups outside the web root and configuring the web server to refuse to serve .sql files would remove the exposure.
Successful exploitation results in disclosure of the database contents, credential exposure and potential compromise of the application and its users. |
|---|
| Source | https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Online%20Food%20Ordering%20System%20in%20PHP%201.0%20%E2%80%93%20Sensitive%20Information%20Disclosure.md |
|---|
| User | AhmadMarzook (UID 96211) |
|---|
| Submission | 2026-03-10 22:26 (2 months ago) |
|---|
| Moderation | 2026-03-26 15:34 (16 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 353642 [code-projects Online Food Ordering System 1.0 /dbfood/localhost.sql privilege escalation] |
|---|
| Points | 20 |
|---|
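As an added example (not code from the submission or from the Online Food Ordering System project), the following Python script checks a target for the exposed dump described above and classifies what comes back, so that a stray 404 page or an HTML page that merely mentions SQL is not reported as a leak. Only the path /dbfood/localhost.sql comes from the advisory; the base URL, the dump-marker heuristics, the "two distinct markers" threshold, the credential-table name patterns and the SAMPLE_DUMP content are assumptions constructed for this example.

```python
"""Probe a web root for a served MySQL/MariaDB dump and summarise what it exposes.

Added example; the target path is the one from the advisory, everything else
(markers, thresholds, sample data) is an assumption made for illustration.
"""
import re
import sys
import urllib.error
import urllib.request

# Markers typical of mysqldump / phpMyAdmin export output (assumed heuristics).
_DUMP_MARKERS = (
    re.compile(rb"^--\s*(MySQL dump|phpMyAdmin SQL Dump)", re.M),
    re.compile(rb"^\s*CREATE TABLE\s+`?\w+`?", re.M | re.I),
    re.compile(rb"^\s*INSERT INTO\s+`?\w+`?", re.M | re.I),
)

_CREATE_TABLE = re.compile(rb"CREATE TABLE\s+(?:IF NOT EXISTS\s+)?`?(\w+)`?", re.I)


def looks_like_sql_dump(body: bytes) -> bool:
    """True when at least two distinct dump markers are present.

    Requiring two markers avoids flagging an error page or a page of prose
    that happens to contain the words CREATE TABLE once.
    """
    hits = sum(1 for pat in _DUMP_MARKERS if pat.search(body))
    return hits >= 2


def dumped_tables(body: bytes) -> list[str]:
    """Table names defined in the dump, in order of first appearance."""
    names: list[str] = []
    for m in _CREATE_TABLE.finditer(body):
        name = m.group(1).decode("ascii", "replace")
        if name not in names:
            names.append(name)
    return names


def credential_tables(tables: list[str]) -> list[str]:
    """Subset of table names that, by name, look like they hold accounts."""
    return [t for t in tables if re.search(r"admin|user|login|account|member", t, re.I)]


def check_exposed_dump(base_url: str, path: str = "/dbfood/localhost.sql", timeout: int = 10):
    """Fetch base_url + path and return (http_status, is_dump, tables).

    This performs a real network request; the offline checks below exercise
    only the classification helpers on constructed data.
    """
    url = base_url.rstrip("/") + path
    req = urllib.request.Request(url, headers={"User-Agent": "dump-check/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read(2 * 1024 * 1024)  # first 2 MiB is enough to classify
            status = resp.status
    except urllib.error.HTTPError as exc:
        return exc.code, False, []
    is_dump = looks_like_sql_dump(body)
    return status, is_dump, dumped_tables(body) if is_dump else []


# Constructed sample in the shape of a phpMyAdmin export; not data from the project.
SAMPLE_DUMP = b"""-- phpMyAdmin SQL Dump
-- Host: localhost
CREATE TABLE `admin` (
  `id` int(11) NOT NULL,
  `username` varchar(50) NOT NULL,
  `password` varchar(255) NOT NULL
);
INSERT INTO `admin` VALUES (1, 'admin', '<redacted>');
CREATE TABLE `food` (`id` int(11) NOT NULL, `name` varchar(100));
CREATE TABLE IF NOT EXISTS `orders` (`id` int(11) NOT NULL);
"""


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # e.g. python dump_check.py http://localhost
        status, is_dump, tables = check_exposed_dump(sys.argv[1])
        print(f"HTTP {status}; dump served: {is_dump}; tables: {tables}")
        if is_dump:
            print("account-like tables:", credential_tables(tables))
    else:
        tables = dumped_tables(SAMPLE_DUMP)
        print("sample classified as dump:", looks_like_sql_dump(SAMPLE_DUMP))
        print("tables:", tables, "account-like:", credential_tables(tables))
```

Run it as `python dump_check.py http://localhost` against a test instance; with no argument it only classifies the embedded sample. The two-marker threshold is the part worth keeping when adapting this to a scanner: a single `CREATE TABLE` string is common in documentation pages and error output, whereas a dump header plus a table definition or an `INSERT` almost always means a real export is being served.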