CVE-2026-5847

MEDIUM

code-projects Movie Ticketing System SQL Database Backup File moviedb.sql information disclosure

Title source: cna

Description

A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown function of the file /db/moviedb.sql of the component SQL Database Backup File Handler. Such manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

References (5)

[Vdb Entry] https://vuldb.com/vuln/356373

[Signature, Permissions Required] https://vuldb.com/vuln/356373/cti

[Third Party Advisory] https://vuldb.com/submit/790337

[Exploit] https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Sensitive%20Information%20Disclosure%20in%20Movie%20Ticketing%20System%20PHP%20Exposed%20Database%20Backup.md

View Exploit ZIP pw:eip

[Product] https://code-projects.org/

Scores

CVSS v3 4.3

EPSS 0.0003

EPSS Percentile 10.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Details

CWE

CWE-200 CWE-284

Status published

Products (1)

code-projects/Movie Ticketing System 1.0

Published Apr 09, 2026

Tracked Since Apr 09, 2026