| Title | Code-Projects Simple Food Ordering System in PHP 1.0 Information Disclosure |
|---|
| Description | The Simple Food Ordering System in PHP contains a sensitive information disclosure vulnerability due to an exposed database backup file. The application stores a database dump file (food.sql) inside a publicly accessible directory within the web root. An attacker can directly access this file through the web server without authentication.
By visiting the exposed path /food/sql/food.sql, an attacker can download or view the full SQL database dump. The file contains database structure information and potentially sensitive data such as administrator accounts, usernames, password hashes, product information, and order records.
The issue exists because backup files are stored in the web-accessible directory and the server does not restrict access to .sql files. This misconfiguration allows unauthorized users to retrieve the database contents.
Successful exploitation may lead to sensitive data exposure, credential disclosure, and further attacks against the application using the leaked information |
|---|
| Source | ⚠️ https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Simple%20Food%20Ordering%20System%20Information%20Disclosure%20%20.md |
|---|
| User | AhmadMarzouk (UID 95993) |
|---|
| Submission | 03/06/2026 23:42 (2 months ago) |
|---|
| Moderation | 03/21/2026 08:56 (14 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 352320 [code-projects Simple Food Ordering System up to 1.0 Database Backup /food/sql/food.sql file access] |
|---|
| Points | 20 |
|---|