CVE-2024-5415

Name of the Vulnerable Software and Affected Versions: PhpMyBackupPro version 2.3

Description: A vulnerability has been discovered that could allow an attacker to execute XSS through the "/phpmybackuppro/backup.php" API endpoint, using the comments and db parameters. This could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their session details.

Recommendations: For version 2.3, consider disabling access to the "/phpmybackuppro/backup.php" API endpoint until a patch is available. As a temporary workaround, restrict the use of the comments and db parameters in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.