CVE-2026-5847

medium

Description

A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown function of the file /db/moviedb.sql of the component SQL Database Backup File Handler. Such manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

References

https://vuldb.com/vuln/356373/cti

https://vuldb.com/vuln/356373

https://vuldb.com/submit/790337

https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Sensitive%20Information%20Disclosure%20in%20Movie%20Ticketing%20System%20PHP%20Exposed%20Database%20Backup.md

https://code-projects.org/

Details

Source: Mitre, NVD

Published: 2026-04-09

Updated: 2026-04-09

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Severity: Medium

CVSS v4

Base Score: 5.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00032