| タイトル | Code-Projects Simple Food Ordering System in PHP 1.0 Information Disclosure |
|---|
| 説明 | The Simple Food Ordering System in PHP contains a sensitive information disclosure vulnerability due to an exposed database backup file. The application stores a database dump file (food.sql) inside a publicly accessible directory within the web root. An attacker can directly access this file through the web server without authentication.
By visiting the exposed path /food/sql/food.sql, an attacker can download or view the full SQL database dump. The file contains database structure information and potentially sensitive data such as administrator accounts, usernames, password hashes, product information, and order records.
The issue exists because backup files are stored in the web-accessible directory and the server does not restrict access to .sql files. This misconfiguration allows unauthorized users to retrieve the database contents.
Successful exploitation may lead to sensitive data exposure, credential disclosure, and further attacks against the application using the leaked information |
|---|
| ソース | ⚠️ https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Simple%20Food%20Ordering%20System%20Information%20Disclosure%20%20.md |
|---|
| ユーザー | AhmadMarzouk (UID 95993) |
|---|
| 送信 | 2026年03月06日 23:42 (2 月 ago) |
|---|
| モデレーション | 2026年03月21日 08:56 (14 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 352320 [code-projects Simple Food Ordering System 迄 1.0 Database Backup /food/sql/food.sql 特権昇格] |
|---|
| ポイント | 20 |
|---|