CVE-2026-5650
Insecure Data Storage in code-projects OAS 1.0 via oas.sql

Publication date: 2026-04-06

Last updated on: 2026-04-06

Assigner: VulDB

Description
A vulnerability was found in code-projects Online Application System for Admission 1.0. Affected is an unknown function of the file /enrollment/database/oas.sql. Manipulation results in insecure storage of sensitive information. The attack can be carried out remotely. The exploit has been publicly disclosed and may be used.
Meta Information
Published: 2026-04-06
Last Modified: 2026-04-06
Generated: 2026-05-07
AI Q&A: 2026-04-06
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE

Vendor         Product                      Version / Range
code-projects  online_application_system    1.0
CWE ID    Description
CWE-922   The product stores sensitive information without properly limiting read or write access by unauthorized actors.
CWE-200   The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-5650 is a sensitive information disclosure vulnerability in the Online Application System for Admission PHP version 1.0. It occurs because a database backup file named oas.sql is stored in a publicly accessible directory within the web root, allowing any remote user to download the entire database dump without authentication.

The vulnerability arises from insecure server configuration and poor backup file management, including storing backup files inside the web root, allowing direct HTTP access to .sql files, and lacking authentication or access control to protect these files.


How can this vulnerability impact me?

An attacker exploiting this vulnerability can retrieve the complete database dump, which includes sensitive information such as user records, credentials, application data, and the database structure.

This unauthorized disclosure of sensitive data can lead to privacy breaches, identity theft, further exploitation of the system, and loss of trust.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking if the database backup file named oas.sql is accessible via HTTP without authentication.

A simple way to detect this is to attempt to access the URL path where the file is expected, for example: http://yourserver/OnlineApplicationSystem_PHP/enrollment/database/oas.sql

If the file is accessible and downloadable, the vulnerability exists.

  • Use curl or wget to test access: curl -I http://yourserver/OnlineApplicationSystem_PHP/enrollment/database/oas.sql
  • Use a web browser or automated scanning tools to check for exposed .sql files in the web root directories.
  • Scan the web server directories for .sql files that are publicly accessible.
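The checks above (look for .sql files under the web root, then confirm whether the server hands them out over HTTP) can be scripted for your own server. The following is an added example, not code from the CVE record or from the code-projects application: it walks a document root for dump-like files, maps each one to the URL it would have under a base URL you supply, and optionally issues a HEAD request to classify the result. The document root, base URL and the demo files it creates are constructed for the example; only the path /enrollment/database/oas.sql comes from the advisory.

```python
"""Audit a web document root for database dumps that may be reachable over HTTP.

Added example for administrators checking their own deployment. Assumes you know
the local document root and, optionally, the base URL of your own server.
"""
import os
import tempfile
import urllib.error
import urllib.request

# File suffixes that commonly indicate database dumps or backups left in the web root.
DUMP_SUFFIXES = (".sql", ".sql.gz", ".sql.zip", ".bak", ".dump")


def find_dump_files(docroot):
    """Return web-root-relative paths (forward slashes) of dump-like files under docroot."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if name.lower().endswith(DUMP_SUFFIXES):
                rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def to_url(base_url, rel_path):
    """Join the server base URL and a web-root-relative file path."""
    return base_url.rstrip("/") + "/" + rel_path.lstrip("/")


def classify(status):
    """Map the HTTP status of a HEAD request to an audit verdict."""
    if status == 200:
        return "EXPOSED"       # the server serves the dump to anyone who asks
    if status in (401, 403):
        return "DENIED"        # an access rule (e.g. Apache/Nginx deny) is in place
    if status == 404:
        return "NOT_SERVED"    # file is on disk but not mapped to this URL
    return "UNKNOWN"


def probe(url, timeout=5):
    """Send a HEAD request to a URL on your own server and return the status code."""
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def audit(docroot, base_url=None):
    """Return (rel_path, url, verdict) per dump-like file; probe only when base_url is given."""
    results = []
    for rel in find_dump_files(docroot):
        url = to_url(base_url, rel) if base_url else None
        verdict = classify(probe(url)) if url else "ON_DISK"
        results.append((rel, url, verdict))
    return results


def make_demo_docroot():
    """Build a constructed document root mirroring the advisory's file layout (demo only)."""
    root = tempfile.mkdtemp(prefix="oas_demo_")
    os.makedirs(os.path.join(root, "enrollment", "database"))
    # Constructed placeholder content; not a real dump.
    with open(os.path.join(root, "enrollment", "database", "oas.sql"), "w") as fh:
        fh.write("-- constructed placeholder dump\n")
    with open(os.path.join(root, "index.php"), "w") as fh:
        fh.write("<?php // constructed placeholder ?>\n")
    return root


if __name__ == "__main__":
    # Offline run: only the on-disk check. Pass a base URL to also probe your own server.
    demo_root = make_demo_docroot()
    for rel, url, verdict in audit(demo_root):
        print(f"{verdict:10s} {rel}")
```

Run it against the real document root (for example `audit("/var/www/html", "http://localhost")`) after applying a deny rule; any file still reported as EXPOSED should be moved outside the web root, and a NOT_SERVED result means the file is not reachable at that URL but is still readable by anyone with file-system access, so it belongs outside the web root as well.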

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include removing the exposed SQL backup files from publicly accessible web directories.

Store backup files in secure locations outside the web root, such as /var/backups/.

Configure the web server to deny access to .sql files.

  • For Apache, add the following to your configuration:
        <Files "*.sql">
            Require all denied
        </Files>
  • For Nginx, add the following to your configuration:
        location ~* \.sql$ { deny all; }

Additionally, disable directory listing, implement proper file permissions, and regularly audit the server for exposed sensitive files.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability leads to the insecure storage and public exposure of sensitive information through an accessible database backup file. Such unauthorized disclosure of sensitive data can result in non-compliance with common standards and regulations like GDPR and HIPAA, which mandate the protection of personal and sensitive information.

Specifically, the exposure of user records, credentials, and application data violates principles of data confidentiality and security required by these regulations, potentially leading to legal and financial consequences for the affected organization.

Because the root cause is insecure server configuration and poor backup management, strict access controls and secure storage practices are needed to maintain compliance.

