CSV Injection Vulnerability in PHPJabbers Car Park Booking System
CVE-2023-51311

8.8 HIGH

Key Information:

Vendor: PHPJabbers
CVE Published: 20 February 2025

Summary

The PHPJabbers Car Park Booking System version 3.0 has a vulnerability that allows attackers to perform CSV Injection due to inadequate input validation in the Languages section within System Options. This flaw permits the construction of malicious CSV files, potentially leading to remote code execution when such files are processed. It is crucial for users of this system to address this vulnerability to safeguard against potential exploitation.
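A common mitigation for this class of flaw is to neutralise formula-leading values when the CSV is written. The sketch below is an added example, not PHPJabbers code or the vendor's fix: the function names and sample rows are hypothetical, and it assumes the export is built from stored label strings.

```php
<?php
// Added example: hypothetical helpers, not PHPJabbers code.

// Leading characters that spreadsheet applications interpret as a formula.
const FORMULA_TRIGGERS = ['=', '+', '-', '@', "\t", "\r"];

function neutralise_csv_cell(string $value): string
{
    if ($value === '' || is_numeric($value)) {
        return $value;            // empty cells and plain numbers are harmless
    }
    if (in_array($value[0], FORMULA_TRIGGERS, true)) {
        return "'" . $value;      // leading quote makes the cell plain text
    }
    return $value;
}

function export_rows_as_csv(array $rows, $stream): void
{
    foreach ($rows as $row) {
        // Neutralise every cell, then let fputcsv handle quoting/escaping.
        $safe = array_map(
            static fn($cell) => neutralise_csv_cell((string) $cell),
            $row
        );
        fputcsv($stream, $safe, ',', '"', '\\');
    }
}

// Constructed sample rows standing in for stored language labels.
$rows = [
    ['key', 'label'],
    ['btn_save', 'Save'],
    ['fee', '-12.50'],            // numeric, left unchanged
    ['title', '=SUM(A1:A2)'],     // formula-leading, gets prefixed
    ['note', '@home'],            // formula-leading, gets prefixed
];

$out = fopen('php://output', 'w');
export_rows_as_csv($rows, $out);
fclose($out);
```

Applying the check at export time covers values already stored in the database; validating the same characters on input in the Languages form addresses the root cause named in the summary.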

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
