| Title | code-projects Patient Record Management System In PHP 1.0 Information Disclosure |
|---|
| Description | The Patient Record Management System in PHP v1.0 is vulnerable to sensitive information disclosure due to an exposed SQL database backup file.
The application stores a database dump file (hcpms.sql) inside a publicly accessible directory within the web root. Because the web server does not restrict access to .sql files, any remote attacker can directly access and download the database dump without authentication.
The exposed file can be accessed at:
http://localhost/HCPMS%20PHP/Health%20Care%20Patient%20Record%20Management%20System/db/hcpms.sql
The SQL dump contains the complete database structure and application data. Because PHP applications often store sensitive user and system data in databases, exposing such a file risks severe data leakage.
This vulnerability allows unauthorized users to retrieve sensitive information such as patient records, administrative credentials, and system data. |
|---|
| Source | https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Sensitive%20Information%20Disclosure%20in%20Patient%20Record%20Management%20System%20PHP%20Exposed%20Database%20Backup.md |
|---|
| User | AhmadMarzook (UID 96211) |
|---|
| Submission | 03/25/2026 15:54 (16 days ago) |
|---|
| Moderation | 04/09/2026 11:52 (15 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 356513 [code-projects Patient Record Management System 1.0 SQL Database Backup File /db/hcpms.sql information disclosure] |
|---|
| Points | 20 |
|---|
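
An added example, not part of the original submission or the project's code: a defender-side audit that walks a document root and flags files the web server would hand out as database dumps, both by extension (as with `db/hcpms.sql` in the description above) and by SQL statements in the file head. The extension list, the content markers, the `.php` skip and the sample tree with its table names are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Backup extensions to flag (assumption: the advisory itself names only .sql).
DUMP_EXTENSIONS = (".sql", ".sql.gz", ".sql.zip", ".dump", ".bak")
# Statements that mark a plain-text SQL dump even when the file was renamed.
DUMP_MARKERS = re.compile(rb"(?im)^\s*(CREATE TABLE|INSERT INTO|DROP TABLE IF EXISTS)\b")

def find_exposed_dumps(web_root, head_bytes=65536):
    """Return sorted (url_path, reason) pairs for dump-like files under web_root."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, web_root).replace(os.sep, "/")
            lower = name.lower()
            if lower.endswith(".php"):  # executed by the server, not served as text
                continue
            if lower.endswith(DUMP_EXTENSIONS):
                findings.append(("/" + rel, "extension"))
                continue
            try:
                with open(full, "rb") as fh:
                    head = fh.read(head_bytes)
            except OSError:
                continue  # unreadable file: nothing to classify
            if DUMP_MARKERS.search(head):
                findings.append(("/" + rel, "content"))
    return sorted(findings)

def build_sample_root():
    """Constructed sample tree mirroring the advisory's db/hcpms.sql layout."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "db"))
    samples = {
        "index.php": "<?php echo 'ok'; ?>",
        "db/hcpms.sql": "CREATE TABLE `user` (id INT);\nINSERT INTO `user` VALUES (1);",
        "db/backup.txt": "-- renamed dump\nINSERT INTO `patient` VALUES (1,'x');",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for path, reason in find_exposed_dumps(build_sample_root()):
        print(f"{path}\tmatched by {reason}")
```

Any path it reports should be moved outside the document root or blocked by the web server's access rules.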