SourceCodester Best Employee Management System backups.php information disclosure
Description
A vulnerability classified as problematic was found in SourceCodester Best Employee Management System 1.0. This vulnerability affects unknown code of the file /admin/backup/backups.php. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Information disclosure vulnerability in SourceCodester Best Employee Management System 1.0 via /admin/backup/backups.php allows remote attackers to access sensitive data.
Vulnerability
The vulnerability exists in SourceCodester Best Employee Management System version 1.0, specifically in the file /admin/backup/backups.php. The code does not properly restrict access, leading to information disclosure. The attack can be initiated remotely without authentication. The issue was disclosed publicly [1].
Exploitation
An attacker can exploit this vulnerability by sending a direct HTTP request to /admin/backup/backups.php. No authentication or special privileges are required. The exploit details have been published [1], making it easy to replicate.
Impact
Successful exploitation lets an attacker view sensitive information, such as backup files or database contents, compromising the confidentiality of the system.
Mitigation
The vendor was contacted but did not respond [2]. As of the publication date (2025-02-24), no official patch or fix is available. Users should restrict access to the vulnerable file via web server configuration or disable the backup functionality until a fix is released.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = 1.0
- Range: 1.0
Patches
No patches discovered yet.
References
- github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Best-employee-management-system-information-leakage.md (mitre; exploit)
- vuldb.com (mitre; third-party-advisory)
- vuldb.com (mitre; signature; permissions-required)
- vuldb.com (mitre; vdb-entry)
- www.sourcecodester.com (mitre; product)