CSV Injection Vulnerability in PHPJabbers Hotel Booking System
CVE-2023-51302

8.8HIGH

Key Information:

Vendor: PHPJabbers
Status: Hotel Booking System
Vendor: CVE Published:; 19 February 2025

Summary

The PHPJabbers Hotel Booking System v4.0 contains a CSV Injection vulnerability due to inadequate input validation in the Languages section Labels parameters field. This flaw can be exploited by an attacker to manipulate the data represented in CSV files, potentially leading to remote code execution. Proper sanitization of user inputs is crucial to mitigate this risk and protect the integrity of the system.

References

https://www.phpjabbers.com/hotel-booking-system/#sectionDemo

http://packetstormsecurity.com/files/176489/PHPJabbers-Ho...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 19, 2025
Vulnerability Reserved
Dec 18, 2023