CVE-2023-51324

Published: Feb 20, 2025Modified: Jun 17, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability: 3.9 / Impact: 2.5

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

PHPJabbers Shared Asset Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file.

Affected (1)

Products: Phpjabbers: Shared Asset Booking System

1 product

Shared Asset Booking System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phpjabbers Shared Asset Booking System	Version 1.0

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (3)

https://packetstorm.news/files/id/176504

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.phpjabbers.com/shared-asset-booking-system/#sectionDemo

Source: cve@mitre.org

Product

http://packetstormsecurity.com/files/176504/PHPJabbers-Shared-Asset-Booking-System-1.0-CSV-Injection.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.