HIGH🇵🇱 Wersja polska

CVE-2023-51333

CVSS 8.8v3.1pub. 2025-02-20upd. 2025-11-04

PHPJabbers Cinema Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Phpjabbers Cinema Booking System

    APP
    Phpjabbers
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-57430CRITICAL9.8PL ✓ten sam produkt

SQL Injection w PHPJabbers Cinema Booking System v2.0 — pjActionGetUser

CVE-2024-57428CRITICAL9.3PL ✓ten sam produkt

Stored XSS w PHPJabbers Cinema Booking System v2.0

CVE-2023-51334MEDIUM5.3ten sam produkt

A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cinema Booking System v1.0 allows attac...

CVE-2023-51335MEDIUM6.5ten sam produkt

PHPJabbers Cinema Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "titl...

CVE-2023-51330MEDIUM5.4ten sam produkt

PHPJabbers Cinema Booking System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Now Showing men...