Code-Projects Simple Food Ordering System Information Disclosure Vulnerability

Vulnerability

A sensitive information disclosure vulnerability has been identified in Code-Projects Simple Food Ordering System versions through 1.0. The issue arises from an exposed database backup file, food.sql, which is accessible in a publicly reachable directory within the web root. This vulnerability allows remote users to download or view the entire SQL database dump without authentication, potentially leading to the exposure of sensitive information such as administrator credentials, user data, order records, and product information.

Impact

Exploitation of this vulnerability allows unauthorized access to sensitive database information, including administrative credentials and user data. Such access could result in account compromises, unauthorized database manipulations, and further attacks against the application.

Reproduction

To reproduce this vulnerability, deploy the Simple Food Ordering System application. Once it is running, open a web browser and navigate to the URL http://localhost/food/sql/food.sql. The database dump will either download automatically or be displayed in the browser. The exposed SQL file contains sensitive information, including administrator and user credentials.

Remediation

It is recommended to remove SQL backup files from the web root and store them in a secure location, such as /var/backups/. Access to .sql files should be restricted through server configuration, denying all requests to these file types. Additionally, database backups should be kept in secured storage environments with restricted access.
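A shell helper for the remediation above, added here as an example and not part of the advisory or the Simple Food Ordering System project: it lists .sql dumps under a web root, moves them into a backup directory outside it with owner-only permissions, and prints an Apache 2.4 rule that denies requests for any .sql file. The web root and backup paths shown in the comments are assumptions.

```shell
#!/bin/sh
# Audit a web root for exposed SQL dumps and move them out of reach.
# Usage (assumed paths): . ./sqldump_cleanup.sh; relocate_dumps /var/www/html /var/backups

# Print every .sql file under the given web root, one path per line.
find_exposed_dumps() {
    find "$1" -type f -name '*.sql' 2>/dev/null
}

# Move each dump out of the web root into BACKUP_DIR (created if missing,
# mode 700), set each moved file to mode 600, and print how many .sql files
# are still reachable under the web root afterwards (0 means it is clean).
relocate_dumps() {
    webroot=$1
    backup_dir=$2
    mkdir -p "$backup_dir" && chmod 700 "$backup_dir"
    find_exposed_dumps "$webroot" | while IFS= read -r f; do
        dest="$backup_dir/$(basename "$f")"
        # Never overwrite an earlier backup that has the same file name.
        if [ -e "$dest" ]; then
            dest="$dest.$(date +%Y%m%d%H%M%S)"
        fi
        mv -- "$f" "$dest" && chmod 600 "$dest"
    done
    find_exposed_dumps "$webroot" | wc -l | tr -d ' '
}

# Apache 2.4 directive to place in the vhost or httpd.conf as a second layer
# of defence: even if a dump is dropped into the web root again, the server
# refuses to serve it. (nginx equivalent: location ~* \.sql$ { return 404; })
apache_deny_sql_rule() {
    cat <<'EOF'
<FilesMatch "\.sql$">
    Require all denied
</FilesMatch>
EOF
}
```

The relocation keeps the original file names, so a database dump named food.sql in the web root ends up as /var/backups/food.sql under the assumed paths.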

Added: Mar 22, 2026, 2:18 AM
Updated: Mar 22, 2026, 2:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.6
remediation: 8.3
relevance: 4.5
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.