CVE-2024-5414

Name of the Vulnerable Software and Affected Versions: PhpMyBackupPro version 2.3

Description: A vulnerability has been discovered that could allow an attacker to execute XSS through the "/phpmybackuppro/get file.php" API endpoint, using the view parameter. This could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their session details.

Recommendations: For PhpMyBackupPro version 2.3, as a temporary workaround, consider disabling access to the "/phpmybackuppro/get file.php" API endpoint or restricting the use of the view parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.