| Title | code-projects Online Library Management System in PHP 1.0 Information Disclosure |
|---|---|
| Description | The Online Library Management System in PHP v1.0 is vulnerable to Sensitive Information Disclosure due to an exposed SQL database backup file. The application includes a database dump file (library.sql) within a publicly accessible directory under the web root. Because the web server does not restrict access to .sql files, any unauthenticated user can directly access and download the database dump via HTTP. The exposed file can be accessed at: http://localhost/Library/sql/library.sql The database dump contains the full database schema and stored application data. This type of system typically manages sensitive information such as user accounts, student records, issued books, and administrative credentials. Because the file is stored inside a web-accessible directory and lacks access control, attackers can retrieve sensitive data without authentication. |
| Source | https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Sensitive%20Information%20Disclosure%20in%20Online%20Library%20Management%20System%20PHP%20Exposed%20Database%20Backup.md |
| User | AhmadMarzouk (UID 95993) |
| Submit | 2026-03-31 08:12 PM (10 days ago) |
| Moderation | 2026-04-09 03:04 PM (9 days later) |
| Status | Accepted |
| VulDB entry | 356554 [code-projects Online Library Management System 1.0 SQL Database Backup File /sql/library.sql Information Disclosure] |
| Points | 20 |
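
A defender-side check for the condition described in the report, added here as an example (not code from the submitter or the project): it walks a document root and lists files that look like database dumps by name or by content. The suffix list, the `.php` skip and the sample directory tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Suffixes that often hold database dumps (constructed list, extend for your stack).
DUMP_SUFFIXES = (".sql", ".sql.gz", ".sql.zip", ".dump", ".bak")
# Assumption: the server executes these instead of returning their source.
EXECUTED_SUFFIXES = (".php",)
# Statements that identify a plain-text SQL dump regardless of the file name.
DUMP_MARKERS = re.compile(
    rb"(?im)^\s*(CREATE TABLE|INSERT INTO|-- MySQL dump|-- phpMyAdmin SQL Dump)")

def find_exposed_dumps(web_root, head_bytes=65536):
    """Return sorted URL paths of files under web_root that look like DB dumps."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            lower = name.lower()
            if lower.endswith(EXECUTED_SUFFIXES):
                continue
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:
                    by_content = bool(DUMP_MARKERS.search(fh.read(head_bytes)))
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            if lower.endswith(DUMP_SUFFIXES) or by_content:
                rel = os.path.relpath(full, web_root).replace(os.sep, "/")
                findings.append("/" + rel)
    return sorted(findings)

def build_sample_root(base):
    """Create a constructed document root that mirrors the layout in the report."""
    files = {
        "Library/index.php": b"<?php echo 'library'; ?>",
        "Library/sql/library.sql": b"-- phpMyAdmin SQL Dump\nCREATE TABLE `admin` (`id` int);\n",
        "Library/notes/old-export.txt": b"INSERT INTO `students` VALUES (1,'constructed');\n",
    }
    for rel, data in files.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for url_path in find_exposed_dumps(build_sample_root(tmp)):
            print("dump reachable under web root:", url_path)
```

Any path it reports should be moved outside the document root or blocked by a server rule, and the credentials stored in the dump treated as exposed.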