| Title | code-projects Online Library Management System in PHP 1.0 Information Disclosure |
|---|
| Description | The Online Library Management System in PHP v1.0 is vulnerable to Sensitive Information Disclosure due to an exposed SQL database backup file.
The application includes a database dump file (library.sql) within a publicly accessible directory under the web root. Because the web server does not restrict access to .sql files, any unauthenticated user can directly access and download the database dump via HTTP.
The exposed file can be accessed at:
http://localhost/Library/sql/library.sql
The database dump contains the full database schema and stored application data. This type of system typically manages sensitive information such as user accounts, student records, issued books, and administrative credentials.
Because the file is stored inside a web-accessible directory and lacks access control, attackers can retrieve sensitive data without authentication. |
|---|
| Source | ⚠️ https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Sensitive%20Information%20Disclosure%20in%20Online%20Library%20Management%20System%20PHP%20Exposed%20Database%20Backup.md |
|---|
| User | AhmadMarzouk (UID 95993) |
|---|
| Submission | 03/31/2026 20:12 (9 days ago) |
|---|
| Moderation | 04/09/2026 15:04 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 356554 [code-projects Online Library Management System 1.0 SQL Database Backup File /sql/library.sql information disclosure] |
|---|
| Points | 20 |
|---|