CVE-2023-51333

Published Feb 20, 2025

Last updated a month ago

Overview

Description: PHPJabbers Cinema Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-1236

Hype score: Not currently trending

CVE-2023-51333 PHPJabbers Cinema Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to in… https://t.co/rdE7EObfht
@CVEnew
20 Feb 2025
241 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:phpjabbers:cinema_booking_system:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B370F2F-0868-4A2F-B652-9DDB25180A66"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.