Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2024-33298
CVE-2024-33298:
PHP vulnerability analysis and mitigation
Overview
A Cross Site Scripting (XSS) vulnerability exists in Microweber version 2.0.9 that allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=admin__backup. The vulnerability was discovered and disclosed on January 10, 2025 (NVD).
Technical details
The vulnerability is classified as a stored Cross-Site Scripting (CWE-79) issue with a CVSS v3.1 base score of 6.1 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). The vulnerability specifically affects the backup functionality in the admin interface and can be triggered through the files management endpoints /admin/module/view?type=files and /admin/settings?group=files (GitHub).
Impact
When successfully exploited, this vulnerability allows attackers to execute JavaScript code in the victim's browser. This can lead to information theft or forcing users to access malicious websites. The attack requires administrative access to be successful (GitHub).
Mitigation and workarounds
The vulnerability affects Microweber versions 2.0.9 and earlier. Users should upgrade to a version newer than 2.0.9 when available (NVD).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management