CVE-2026-5847

MEDIUM

code-projects Movie Ticketing System SQL Database Backup File moviedb.sql information disclosure

Title source: cna

Description

A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown function of the file /db/moviedb.sql of the component SQL Database Backup File Handler. Such manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

References (5)

Core 5

Core References

Vdb Entry vdb-entry

VDB-356373 | code-projects Movie Ticketing System SQL Database Backup File moviedb.sql information disclosure

https://vuldb.com/vuln/356373

Signature, Permissions Required signature permissions-required

VDB-356373 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/356373/cti

Third Party Advisory third-party-advisory

Submit #790337 | code-projects Movie Ticketing System in PHP 1.0 Information Disclosure

https://vuldb.com/submit/790337

Exploit exploit

https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Sensitive%20Information%20Disclosure%20in%20Movie%20Ticketing%20System%20PHP%20Exposed%20Database%20Backup.md

View Exploit ZIP pw:eip

Product product

https://code-projects.org/

Scores

CVSS v3 4.3

EPSS 0.0026

EPSS Percentile 17.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-200 CWE-284

Status published

Products (1)

code-projects/Movie Ticketing System 1.0

Published Apr 09, 2026

Tracked Since Apr 09, 2026