CSV Injection Vulnerability in PHPJabbers Cinema Booking System
CVE-2023-51333

8.8 HIGH

Key Information:

Vendor: PHPJabbers
CVE Published: 20 February 2025

What is CVE-2023-51333?

The PHPJabbers Cinema Booking System v1.0 has a vulnerability stemming from inadequate input validation within the Languages section's Labels parameter in System Options. This flaw allows an attacker to craft malicious CSV files, which could lead to the execution of remote code when the files are processed. Proper validation and sanitization are crucial to mitigate the risk associated with this vulnerability.
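
One way to neutralise formula cells at export time, as an added example (not PHPJabbers code and not taken from the advisory). The function names `neutralise_cell` and `export_labels` and the sample label rows are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Leading characters that spreadsheet applications interpret as the start of
// a formula (the set listed in OWASP's CSV injection guidance).
const FORMULA_TRIGGERS = ['=', '+', '-', '@', "\t", "\r"];

// Hypothetical helper: prefix a risky cell with an apostrophe so it is
// displayed as text. Negative numbers such as "-5" are prefixed as well.
function neutralise_cell(string $value): string
{
    if ($value !== '' && in_array($value[0], FORMULA_TRIGGERS, true)) {
        return "'" . $value;
    }
    return $value;
}

// Hypothetical export routine: every cell is neutralised, then fputcsv()
// handles quoting of separators, quotes and line breaks.
function export_labels(array $rows): string
{
    $out = fopen('php://memory', 'w+');
    foreach ($rows as $row) {
        $cells = array_map(fn($c) => neutralise_cell((string) $c), $row);
        fputcsv($out, $cells, ',', '"', '');
    }
    rewind($out);
    $csv = stream_get_contents($out);
    fclose($out);
    return $csv;
}

// Constructed sample data: label key, label text as stored by the application.
$labels = [
    ['key', 'label'],
    ['btn_book', 'Book now'],
    ['lbl_total', '=1+1'],        // would be evaluated as a formula if exported raw
    ['lbl_note', '@SUM(A1:A2)'],  // same for a leading "@"
];

echo export_labels($labels);
```

Neutralising on output covers values already stored in the database; validating the Labels input on save is a separate control.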

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
