2021 | Movie/movie.php

If your code uses something like include($_GET['page']); without validation, attackers can read sensitive files. movie.php?page=../../config.php → exposes database credentials.

A script named movie.php inside a /movie/ directory often: