| Title | code-projects Simple Chatbox PHP 1.0 Information Disclosure |
|---|
| Description | The Simple Chatbox in PHP v1.0 is vulnerable to Sensitive Information Disclosure due to an exposed SQL database backup file.
The application includes a database dump file (chatbox.sql) located within a publicly accessible directory inside the web root. Because the web server does not restrict access to .sql files, any unauthenticated user can directly access and download the database dump via HTTP.
The exposed file is accessible at:
http://localhost/SimpleChatbox_PHP/chatbox/database/chatbox.sql
The SQL dump file contains the complete database schema and stored application data, including chat messages, user-related data, and system structure. Since the file is stored in a web-accessible location without access controls, attackers can retrieve sensitive information without authentication. |
|---|
| Source | ⚠️ https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Sensitive%20Information%20Disclosure%20in%20Simple%20Chatbox%20PHP%20Exposed%20Database%20Backup.md |
|---|
| User | AhmadMarzook (UID 96211) |
|---|
| Submission | 04/03/2026 20:41 (3 months ago) |
|---|
| Moderation | 04/12/2026 20:11 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 357040 [code-projects Simple ChatBox 1.0 Endpoint chatbox.sql SimpleChatbox_PHP file information disclosure] |
|---|
| Points | 20 |
|---|