| タイトル | code-projects Online Library Management System in PHP 1.0 Information Disclosure |
|---|
| 説明 | The Online Library Management System in PHP v1.0 is vulnerable to Sensitive Information Disclosure due to an exposed SQL database backup file.
The application includes a database dump file (library.sql) within a publicly accessible directory under the web root. Because the web server does not restrict access to .sql files, any unauthenticated user can directly access and download the database dump via HTTP.
The exposed file can be accessed at:
http://localhost/Library/sql/library.sql
The database dump contains the full database schema and stored application data. This type of system typically manages sensitive information such as user accounts, student records, issued books, and administrative credentials.
Because the file is stored inside a web-accessible directory and lacks access control, attackers can retrieve sensitive data without authentication. |
|---|
| ソース | ⚠️ https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Sensitive%20Information%20Disclosure%20in%20Online%20Library%20Management%20System%20PHP%20Exposed%20Database%20Backup.md |
|---|
| ユーザー | AhmadMarzouk (UID 95993) |
|---|
| 送信 | 2026年03月31日 20:12 (10 日 ago) |
|---|
| モデレーション | 2026年04月09日 15:04 (9 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 356554 [code-projects Online Library Management System 1.0 SQL Database Backup File /sql/library.sql 情報漏えい] |
|---|
| ポイント | 20 |
|---|