CVE-2019-7748

Name of the Vulnerable Software and Affected Versions DbNinja version 3.2.7

Description The issue allows for XSS via the data.php task parameter in the includesonline.php file, but only if the users/admin/tasks.php file exists.

Recommendations For DbNinja version 3.2.7, consider restricting access to the includesonline.php file or the data.php task parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the data.php task parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.