CVE-2023-51298

Medium CVSS: 4.7

PHPJabbers Event Booking Calendar v4.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file.

Vendor

Phpjabbers

Product

Event Booking Calendar

CWE

CWE-1236

Yayın Tarihi

2025-02-19 20:15:34

Güncelleme

2025-04-22 20:01:27

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-1236 Event Booking Calendar MEDIUM Phpjabbers 2025

Referanslar

http://packetstormsecurity.com/files/176487/PHPJabbers-Event-Booking-Calendar-4.0-CSV-Injection.html https://www.phpjabbers.com/event-booking-calendar/#sectionDemo

Benzer Kayıtlar

Medium

CVE-2023-53927

PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to in…

High

CVE-2023-53926

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers…

Critical

CVE-2023-53877

Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickup_id parameter that allows attackers to ma…

Medium

CVE-2025-10827

A weakness has been identified in PHPJabbers Restaurant Menu Maker up to 1.1. Affected by this issue is some unknown fun…

Medium

CVE-2023-51295

PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin…

Medium

CVE-2023-51328

PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "c_name, n…