SQL Injection Vulnerability in PHPJabbers Document Creator
CVE-2023-36311

9.8CRITICAL

Key Information:

Vendor: PHPjabbers
Status: Document Creator
Vendor: CVE Published:; 10 August 2023

What is CVE-2023-36311?

The PHPJabbers Document Creator version 1.0 is susceptible to a SQL injection vulnerability due to improper handling of the 'column' parameter in index.php. This flaw could allow attackers to manipulate database queries, potentially leading to unauthorized access to sensitive data or compromise the integrity of the database. Users are urged to apply necessary patches and best security practices to safeguard their applications.

References

https://www.phpjabbers.com/document-creator

https://medium.com/%40milfortutz/multiple-vulnerabilities...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 10, 2023
Vulnerability Reserved
Jun 21, 2023

PHPjabbers

What is CVE-2023-36311?

References

CVSS V3.1

Timeline