CSV Injection Vulnerability in Availability Booking Calendar by Packetstorm Security
CVE-2023-48207

8.8HIGH

Key Information:

Vendor: PHPjabbers
Status: Availability Booking Calendar
Vendor: CVE Published:; 7 December 2023

What is CVE-2023-48207?

The Availability Booking Calendar 5.0 suffers from a vulnerability allowing an attacker to exploit CSV injection via the unique ID field in the Reservations list component. This allows for the potential manipulation of data when the CSV file is opened by users, posing significant risks to data integrity and security. It is crucial for users to apply necessary mitigations to safeguard against possible unauthorized access and exploitation.

References

http://packetstormsecurity.com/files/175804

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 7, 2023
Vulnerability Reserved
Nov 13, 2023

PHPjabbers

What is CVE-2023-48207?

References

CVSS V3.1

Timeline