CSV Injection Vulnerability in PHPJabbers Meeting Room Booking System
CVE-2023-51336

8.8HIGH

Key Information:

Vendor: PHPJabbers
Status: Meeting Room Booking System
Vendor: CVE Published:; 20 February 2025

What is CVE-2023-51336?

The PHPJabbers Meeting Room Booking System v1.0 is vulnerable to CSV Injection due to inadequate input validation in the Languages section. This allows malicious users to manipulate CSV files, potentially executing harmful code on the server. Attackers can exploit this vulnerability through crafted input in System Options, threatening the integrity and confidentiality of data processed by the system. Ensuring proper validation and sanitation of inputs is crucial for securing the application and mitigating the risks associated with CSV manipulation.

References

https://www.phpjabbers.com/meeting-room-booking-system/#s...

https://packetstorm.news/files/id/176518

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 20, 2025
Vulnerability Reserved
Dec 18, 2023