CVE-2012-4251

Name of the Vulnerable Software and Affected Versions MySQLDumper version 1.24.4

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through various parameters in different PHP files, including the page parameter to "index.php", the phase parameter to "install.php", the tablename or dbid parameter to "sql.php", or the filename parameter to "restore.php" in the "learn/cubemail/" directory.

Recommendations For MySQLDumper version 1.24.4, consider disabling access to the vulnerable parameters, such as page, phase, tablename, dbid, and filename, until a patch is available. Restrict access to the affected PHP files, including "index.php", "install.php", "sql.php", and "restore.php", to minimize the risk of exploitation. Avoid using these parameters in the respective API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.