Arbitrary Code Execution Risk in PHPJabbers Ticket Support Script
CVE-2023-39776

9.8CRITICAL

Key Information:

Vendor: PHPjabbers
Status: Ticket Support Script
Vendor: CVE Published:; 10 August 2023

What is CVE-2023-39776?

A File Upload vulnerability in PHPJabbers Ticket Support Script version 3.2 enables an attacker to execute arbitrary code. This occurs when a crafted file is uploaded, bypassing the existing security measures. Such vulnerabilities can lead to severe consequences, including data breaches and unauthorized access to sensitive information. Organizations using this software must take immediate action to mitigate these risks.

References

https://www.phpjabbers.com/ticket-support-script

https://medium.com/%40milfortutz/multiple-vulnerabilities...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 10, 2023
Vulnerability Reserved
Aug 7, 2023

PHPjabbers

What is CVE-2023-39776?

References

CVSS V3.1

Timeline