| Título | code-projects Online FIR System In PHP 1.0 Information Disclosure |
|---|
| Descrição | The Online FIR System in PHP v1.0 is vulnerable to Sensitive Information Disclosure due to an exposed SQL database backup file.
The application stores a database dump file (complaints.sql) inside a publicly accessible directory within the web root. Because the web server does not restrict access to .sql files, any unauthenticated user can directly access and download the database dump via HTTP.
The exposed file is accessible at:
http://localhost/Online_FIR_System/complaints.sql
Since SQL dump files contain the full database schema and stored application data, unauthorized users can retrieve sensitive information such as user accounts, complaint records, and administrative data.
Applications of this type typically manage complaint and user data through a MySQL backend, meaning exposed SQL files can reveal complete datasets including credentials and operational data .
This issue arises from improper server configuration and insecure storage of backup files in web-accessible locations. |
|---|
| Fonte | ⚠️ https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Sensitive%20Information%20Disclosure%20in%20Online%20FIR%20System%20PHP%20Exposed%20Database%20Backup.md |
|---|
| Utilizador | AhmadMarzouk (UID 95993) |
|---|
| Submissão | 23/03/2026 18h29 (há 16 dias) |
|---|
| Moderação | 06/04/2026 10h09 (14 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 355489 [code-projects Online FIR System 1.0 SQL Database Backup File /complaints.sql Divulgação de Informação] |
|---|
| Pontos | 20 |
|---|