Account Takeover Vulnerability in PHP Jabbers Time Slots Booking Calendar
CVE-2023-33563

8.8HIGH

Key Information:

Vendor: PHPjabbers
Status: Time Slots Booking Calendar
Vendor: CVE Published:; 1 August 2023

What is CVE-2023-33563?

In PHP Jabbers Time Slots Booking Calendar version 3.3, an inadequate verification process when users attempt to change their email address or password on the Profile Page can be exploited by remote attackers. This oversight enables malicious actors to potentially take control of user accounts, posing significant risks to users' sensitive information and transactions.

References

https://www.phpjabbers.com/time-slots-booking-calendar/

https://medium.com/%40bcksec/multiple-vulnerabilities-in-...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 1, 2023
Vulnerability Reserved
May 22, 2023

PHPjabbers

What is CVE-2023-33563?

References

CVSS V3.1

Timeline