Is there a public PoC exploit available for EUVD-2026-20856?

Yes, a public proof-of-concept exploit is available for EUVD-2026-20856. Prioritise patching immediately. EPSS: 0.0%.

Movie Ticketing System EUVD-2026-20856

Q: What is the CVSS score of EUVD-2026-20856?

EUVD-2026-20856 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-5847 LOW

Information Exposure (CWE-200)

2026-04-09 VulDB

GHSA-w2mf-pmr4-jj6w

Information Disclosure Movie Ticketing System

2.1

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

2.1 LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

PoC Detected

Apr 09, 2026 - 05:16 vuln.today

Public exploit code

EUVD ID Assigned

Apr 09, 2026 - 05:15 euvd

EUVD-2026-20856

Analysis Generated

Apr 09, 2026 - 05:15 vuln.today

CVE Published

Apr 09, 2026 - 05:00 nvd

LOW 2.1

DescriptionCVE.org

A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown function of the file /db/moviedb.sql of the component SQL Database Backup File Handler. Such manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Code-Projects Movie Ticketing System 1.0 exposes sensitive database information through an unprotected SQL backup file at /db/moviedb.sql, allowing remote unauthenticated attackers to download and read the entire database via simple HTTP request. The vulnerability requires user interaction (UI:P per CVSS4.0) and has a publicly available exploit demonstrating the disclosure technique, though the very low CVSS score of 2.1 reflects limited confidentiality impact in typical deployments.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	While the CVSS score of 2.1 is extremely low, this assessment significantly understates the real-world risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker discovers the /db/moviedb.sql file is publicly accessible via HTTP GET request to http://vulnerable-ticketing-system.com/db/moviedb.sql. The file can be downloaded in full without authentication, exposing all database tables including user accounts, payment information, and application configuration secrets. …
Remediation	Immediately remove or relocate the /db/moviedb.sql file from any web-accessible directory. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

EUVD-2026-20856 vulnerability details – vuln.today

Back