| Title | Code-Projects Simple Food Ordering System in PHP 1.0 Information Disclosure |
|---|
| Description | The Simple Food Ordering System in PHP contains a sensitive information disclosure vulnerability due to an exposed database backup file. The application stores a database dump file (food.sql) inside a publicly accessible directory within the web root. An attacker can directly access this file through the web server without authentication.
By visiting the exposed path /food/sql/food.sql, an attacker can download or view the full SQL database dump. The file contains database structure information and potentially sensitive data such as administrator accounts, usernames, password hashes, product information, and order records.
The issue exists because backup files are stored in the web-accessible directory and the server does not restrict access to .sql files. This misconfiguration allows unauthorized users to retrieve the database contents.
Successful exploitation may lead to sensitive data exposure, credential disclosure, and further attacks against the application using the leaked information. |
|---|
| Source | ⚠️ https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Simple%20Food%20Ordering%20System%20Information%20Disclosure%20%20.md |
|---|
| User | AhmadMarzouk (UID 95993) |
|---|
| Submitted | 06/03/2026 23:42 (2 months ago) |
|---|
| Moderated | 21/03/2026 08:56 (14 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 352320 [code-projects Simple Food Ordering System up to 1.0 Database Backup /food/sql/food.sql privilege escalation] |
|---|
| Points | 20 |
|---|
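
The description above attributes the exposure to a database dump stored under the web root. The following audit script is an added example, not part of the submission or of the affected project: it walks a document root and reports files that are dumps by extension or by content, with the URL path each would be served at. The extension list, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Extensions commonly used for database backups (assumed list, extend as needed).
DUMP_EXTS = (".sql", ".sql.gz", ".dump", ".bak")
# Statements that mark a file as a SQL dump regardless of its name.
DUMP_MARKERS = re.compile(rb"(?im)^\s*(CREATE TABLE|INSERT INTO|DROP TABLE)\b")

def looks_like_dump(path, sniff_bytes=65536):
    """Return True if the first bytes of the file contain SQL dump statements."""
    try:
        with open(path, "rb") as fh:
            return bool(DUMP_MARKERS.search(fh.read(sniff_bytes)))
    except OSError:
        return False  # unreadable file: cannot be classified by content

def find_exposed_dumps(docroot):
    """Walk docroot and return sorted (url_path, reason) for each dump found."""
    findings = []
    for base, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(base, name)
            by_name = name.lower().endswith(DUMP_EXTS)
            by_content = looks_like_dump(full)
            if by_name or by_content:
                rel = os.path.relpath(full, docroot).replace(os.sep, "/")
                reason = "extension+content" if by_name and by_content else (
                    "extension" if by_name else "content")
                findings.append(("/" + rel, reason))
    return sorted(findings)

def build_sample_docroot(root):
    """Constructed sample tree mirroring the layout described on the page."""
    os.makedirs(os.path.join(root, "food", "sql"))
    with open(os.path.join(root, "food", "sql", "food.sql"), "w") as fh:
        fh.write("-- constructed sample\nCREATE TABLE admin (id INT);\n")
    with open(os.path.join(root, "food", "index.php"), "w") as fh:
        fh.write("<?php echo 'menu'; ?>\n")
    # A renamed dump: caught by content even though the extension is harmless.
    with open(os.path.join(root, "food", "old_backup.txt"), "w") as fh:
        fh.write("INSERT INTO admin VALUES (1);\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for url, reason in find_exposed_dumps(build_sample_docroot(tmp)):
            print(f"{url}\t{reason}")
```

Any path the script reports belongs outside the document root, or behind a server rule that denies requests for it.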