SourceCodester Simple Online Book Store System Information Disclosure Vulnerability

Vulnerability

An information disclosure vulnerability has been identified in SourceCodester Simple Online Book Store System version 1.0. The issue arises from a web-accessible backup file that can be retrieved with an unauthenticated HTTP GET request. It allows remote attackers to obtain the full contents of the database, including the schema and credential hashes.

Impact

Exploitation of this vulnerability leads to unauthorized access to sensitive database information, including user credentials.

Reproduction

To reproduce this vulnerability, send an unauthenticated HTTP GET request to '/obs/database/obs_db.sql' on the server where SourceCodester Simple Online Book Store System is hosted. The response will include the entire database contents, which can be saved as a .sql file.
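A defender-side check for the exposure described above, added here as an example and not taken from the advisory or the project's code: it walks a local document root and reports database dump files that sit inside it. The extension lists, the content markers and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

DUMP_EXTENSIONS = (".sql", ".sql.gz", ".sql.zip", ".dump")  # assumed list
EXECUTED_EXTENSIONS = (".php",)  # assumed: run by the server, source not served
DUMP_MARKERS = re.compile(rb"\b(CREATE\s+TABLE|INSERT\s+INTO)\b", re.IGNORECASE)


def find_exposed_dumps(docroot, sniff_bytes=65536):
    """Return sorted (url_path, reason) pairs for dump-like files under docroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = "/" + os.path.relpath(full, docroot).replace(os.sep, "/")
            if name.lower().endswith(DUMP_EXTENSIONS):
                findings.append((rel, "dump extension"))
                continue
            if name.lower().endswith(EXECUTED_EXTENSIONS):
                continue
            # Catch renamed dumps (for example backup.txt) by sniffing for SQL.
            try:
                with open(full, "rb") as fh:
                    head = fh.read(sniff_bytes)
            except OSError:
                continue  # unreadable file: nothing to report
            if DUMP_MARKERS.search(head):
                findings.append((rel, "SQL dump content"))
    return sorted(findings)


def build_sample_docroot(root):
    """Write a constructed sample tree that mirrors the advisory's path."""
    os.makedirs(os.path.join(root, "obs", "database"))
    samples = {
        "obs/index.php": "<?php $q = 'INSERT INTO cart VALUES (1)'; ?>",
        "obs/database/obs_db.sql": "CREATE TABLE users (id INT, password TEXT);",
        "obs/notes.txt": "INSERT INTO users VALUES (1, 'constructed-hash');",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, *rel.split("/")), "w") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_docroot(root)
        for path, reason in find_exposed_dumps(root):
            print(f"{path}: {reason}")
```

Each reported path is a candidate for removal from the document root or for a server rule that denies it; whether it is actually served depends on the web server's configuration.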

Added: Nov 14, 2025, 9:18 PM
Updated: Nov 14, 2025, 10:20 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 2.5
exploitability: 9.7
remediation: 0.0
relevance: 1.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.