| 제목 | Code-Projects Simple Food Ordering System in PHP 1.0 Information Disclosure |
|---|
| 설명 | The Simple Food Ordering System in PHP contains a sensitive information disclosure vulnerability due to an exposed database backup file. The application stores a database dump file (food.sql) inside a publicly accessible directory within the web root. An attacker can directly access this file through the web server without authentication.
By visiting the exposed path /food/sql/food.sql, an attacker can download or view the full SQL database dump. The file contains database structure information and potentially sensitive data such as administrator accounts, usernames, password hashes, product information, and order records.
The issue exists because backup files are stored in the web-accessible directory and the server does not restrict access to .sql files. This misconfiguration allows unauthorized users to retrieve the database contents.
Successful exploitation may lead to sensitive data exposure, credential disclosure, and further attacks against the application using the leaked information |
|---|
| 원천 | ⚠️ https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Simple%20Food%20Ordering%20System%20Information%20Disclosure%20%20.md |
|---|
| 사용자 | AhmadMarzouk (UID 95993) |
|---|
| 제출 | 2026. 03. 06. PM 11:42 (2 개월 ago) |
|---|
| 모더레이션 | 2026. 03. 21. AM 08:56 (14 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 352320 [code-projects Simple Food Ordering System 까지 1.0 Database Backup /food/sql/food.sql 권한 상승] |
|---|
| 포인트들 | 20 |
|---|