CVE-2024-5413

Name of the Vulnerable Software and Affected Versions: PhpMyBackupPro version 2.3

Description: A vulnerability has been discovered that could allow an attacker to execute XSS through the "/phpmybackuppro/scheduled.php" API endpoint, utilizing all parameters. This issue could enable an attacker to create a specially crafted URL and send it to a victim to retrieve their session details.

Recommendations: For PhpMyBackupPro version 2.3, as a temporary workaround, consider restricting access to the "/phpmybackuppro/scheduled.php" API endpoint until a patch is available. Avoid using all parameters in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.