CVE-2023-51313

Published: Feb 20, 2025Modified: Apr 23, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

PHPJabbers Restaurant Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file.

Affected (1)

Products: Phpjabbers: Restaurant Booking System

1 product

Restaurant Booking System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phpjabbers Restaurant Booking System	Version 3.0

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (2)

http://packetstormsecurity.com/files/176498/PHPJabbers-Restaurant-Booking-System-3.0-CSV-Injection.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.phpjabbers.com/restaurant-booking-system/#sectionDemo

Source: cve@mitre.org

Product

Timeline

No history available yet.