| Título | code-projects Online Library Management System in PHP 1.0 Information Disclosure |
|---|
| Descrição | The Online Library Management System in PHP v1.0 is vulnerable to Sensitive Information Disclosure due to an exposed SQL database backup file.
The application includes a database dump file (library.sql) within a publicly accessible directory under the web root. Because the web server does not restrict access to .sql files, any unauthenticated user can directly access and download the database dump via HTTP.
The exposed file can be accessed at:
http://localhost/Library/sql/library.sql
The database dump contains the full database schema and stored application data. This type of system typically manages sensitive information such as user accounts, student records, issued books, and administrative credentials.
Because the file is stored inside a web-accessible directory and lacks access control, attackers can retrieve sensitive data without authentication. |
|---|
| Fonte | ⚠️ https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Sensitive%20Information%20Disclosure%20in%20Online%20Library%20Management%20System%20PHP%20Exposed%20Database%20Backup.md |
|---|
| Utilizador | AhmadMarzouk (UID 95993) |
|---|
| Submissão | 31/03/2026 20h12 (há 10 dias) |
|---|
| Moderação | 09/04/2026 15h04 (9 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 356554 [code-projects Online Library Management System 1.0 SQL Database Backup File /sql/library.sql Divulgação de Informação] |
|---|
| Pontos | 20 |
|---|