CVE-2023-49006

Name of the Vulnerable Software and Affected Versions Phpsysinfo version 3.4.3

Description A Cross Site Request Forgery (CSRF) issue allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file. The functionality is disabled by default in Phpsysinfo 3.4.3, but users may enable the vulnerable functionality.

Recommendations For Phpsysinfo version 3.4.3, consider disabling the vulnerable functionality related to the XML.php file until a patch is available. As a temporary workaround, restrict access to the XML.php file to minimize the risk of exploitation.