Submission #786322: code-projects Online FIR System In PHP 1.0 Information Disclosure (info)

Title: code-projects Online FIR System In PHP 1.0 Information Disclosure
Description: The Online FIR System in PHP v1.0 is vulnerable to Sensitive Information Disclosure due to an exposed SQL database backup file. The application stores a database dump file (complaints.sql) inside a publicly accessible directory within the web root. Because the web server does not restrict access to .sql files, any unauthenticated user can directly access and download the database dump via HTTP. The exposed file is accessible at: http://localhost/Online_FIR_System/complaints.sql. Since SQL dump files contain the full database schema and stored application data, unauthorized users can retrieve sensitive information such as user accounts, complaint records, and administrative data. Applications of this type typically manage complaint and user data through a MySQL backend, meaning exposed SQL files can reveal complete datasets including credentials and operational data. This issue arises from improper server configuration and insecure storage of backup files in web-accessible locations.
Source: ⚠️ https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Sensitive%20Information%20Disclosure%20in%20Online%20FIR%20System%20PHP%20Exposed%20Database%20Backup.md
User: AhmadMarzouk (UID 95993)
Submitted: 2026-03-23 18:29 (17 days ago)
Moderation: 2026-04-06 10:09 (14 days later)
Status: Accepted
VulDB entry: 355489 [code-projects Online FIR System 1.0 SQL Database Backup File /complaints.sql Information Disclosure]
Points: 20
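
The root cause named in the description, a database dump stored under the web root, can be checked for on a deployed server. The following audit script is an added example, not part of the submission or of the Online FIR System code: it walks a document root and flags dump files by extension and by content, so a renamed dump is also caught. The extension lists, the `find_exposed_dumps` name and every sample file except `complaints.sql` are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumed lists; extend them for the backup tooling actually in use.
DUMP_EXTENSIONS = (".sql", ".sql.gz", ".sql.zip", ".dump", ".bak")
SOURCE_EXTENSIONS = (".php", ".html", ".js", ".css")  # may embed SQL legitimately
# Header comments and statements that identify a SQL dump by content.
DUMP_MARKERS = re.compile(
    rb"(?im)^\s*(--\s*(mysql|mariadb|phpmyadmin sql) dump|create\s+table|insert\s+into)\b"
)


def find_exposed_dumps(web_root, sniff_bytes=65536):
    """Return sorted (relative_path, reason) pairs for dump-like files under web_root."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, web_root).replace(os.sep, "/")
            lower = name.lower()
            if lower.endswith(DUMP_EXTENSIONS):
                findings.append((rel, "extension"))
            elif not lower.endswith(SOURCE_EXTENSIONS):
                # A dump renamed to e.g. backup.txt is still served; sniff its head.
                try:
                    with open(full, "rb") as fh:
                        head = fh.read(sniff_bytes)
                except OSError:
                    continue  # unreadable: skip rather than abort the audit
                if DUMP_MARKERS.search(head):
                    findings.append((rel, "content"))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample tree standing in for a deployed web root.
    with tempfile.TemporaryDirectory() as root:
        app = os.path.join(root, "Online_FIR_System")
        os.makedirs(app)
        samples = {
            "complaints.sql": "-- MySQL dump\nCREATE TABLE complaints (id INT);\n",
            "old.txt": "INSERT INTO users VALUES (1, 'constructed');\n",
            "index.php": "<?php $q = \"\nINSERT INTO complaints VALUES (?)\"; ?>\n",
        }
        for fname, body in samples.items():
            with open(os.path.join(app, fname), "w") as fh:
                fh.write(body)
        for path, reason in find_exposed_dumps(root):
            print(f"{path}: flagged by {reason}")
```

Any file the script reports should be moved outside the document root or removed, and the server should additionally deny requests for backup extensions so a future stray dump is not served.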
