| Title | code-projects Movie Ticketing System in PHP 1.0 Information Disclosure |
|---|
| Description | The Movie Ticketing System in PHP v1.0 is vulnerable to Sensitive Information Disclosure due to an exposed SQL database backup file.
The application stores a database dump file (moviedb.sql) inside a publicly accessible directory within the web root. Because the web server does not restrict access to .sql files, any remote attacker can directly access and download the database dump without authentication.
The exposed file can be accessed at:
http://localhost/movie/db/moviedb.sql
The SQL dump file contains the full database structure and stored application data. Since this application is built using PHP and MySQL, it stores sensitive operational data such as user accounts, booking information, and administrative credentials in the database.
Because the file is publicly accessible, an attacker can retrieve sensitive information directly through the browser without any authentication.
|
|---|
| Source | ⚠️ https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Sensitive%20Information%20Disclosure%20in%20Movie%20Ticketing%20System%20PHP%20Exposed%20Database%20Backup.md |
|---|
| User | AhmadMarzook (UID 96211) |
|---|
| Submission | 03/26/2026 18:12 (15 days ago) |
|---|
| Moderation | 04/08/2026 21:07 (13 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 356373 [code-projects Movie Ticketing System 1.0 SQL Database Backup File /db/moviedb.sql information disclosure] |
|---|
| Points | 20 |
|---|