exploitDog

CVE-2023-51336

Опубликовано: 20 фев. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

PHPJabbers Meeting Room Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file.

Ссылки

https://packetstorm.news/files/id/176518
Third Party Advisory
VDB Entry
https://www.phpjabbers.com/meeting-room-booking-system/#sectionDemo
Product
http://packetstormsecurity.com/files/176518/PHPJabbers-Meeting-Room-Booking-System-1.0-CSV-Injection.html
https://packetstorm.news/files/id/176518
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpjabbers:meeting_room_booking_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00226

Низкий

8.8 High

CVSS3

Дефекты

CWE-1236

Связанные уязвимости

GHSA-g73p-89xv-8q58

CVSS3: 8.8

github

12 месяцев назад

PHPJabbers Meeting Room Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file.

EPSS

Процентиль: 45%

0.00226

Низкий

8.8 High

CVSS3

Дефекты

CWE-1236