Vulnerabilites related to phpjabbers - hotel_booking_system
Vulnerability from fkie_nvd
Published
2025-02-19 20:15
Modified
2025-04-22 20:03
Severity ?
Summary
A lack of rate limiting in the 'Email Settings' feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/176486/PHPJabbers-Hotel-Booking-System-4.0-Missing-Rate-Limiting.html | Exploit, VDB Entry, Third Party Advisory | |
| cve@mitre.org | https://www.phpjabbers.com/hotel-booking-system/#sectionDemo | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpjabbers | hotel_booking_system | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpjabbers:hotel_booking_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7AC4C90-B643-4B17-89A3-DBE8B1338D4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A lack of rate limiting in the \u0027Email Settings\u0027 feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages."
},
{
"lang": "es",
"value": "La falta de limitaci\u00f3n de velocidad en la funci\u00f3n \u0027Email Settings\u0027 de PHPJabbers Hotel Booking System v4.0 permite a los atacantes enviar una cantidad excesiva de correos electr\u00f3nicos a un usuario leg\u00edtimo, lo que lleva a una posible denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una gran cantidad de mensajes de correo electr\u00f3nico generados."
}
],
"id": "CVE-2023-51297",
"lastModified": "2025-04-22T20:03:27.050",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-02-19T20:15:34.770",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"VDB Entry",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/176486/PHPJabbers-Hotel-Booking-System-4.0-Missing-Rate-Limiting.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.phpjabbers.com/hotel-booking-system/#sectionDemo"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-19 21:15
Modified
2025-04-23 14:19
Severity ?
Summary
PHPJabbers Hotel Booking System v4.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/176489/PHPJabbers-Hotel-Booking-System-4.0-CSV-Injection.html | Exploit, VDB Entry, Third Party Advisory | |
| cve@mitre.org | https://www.phpjabbers.com/hotel-booking-system/#sectionDemo | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpjabbers | hotel_booking_system | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpjabbers:hotel_booking_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7AC4C90-B643-4B17-89A3-DBE8B1338D4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHPJabbers Hotel Booking System v4.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file."
},
{
"lang": "es",
"value": "PHPJabbers Hotel Booking System v4.0 es afectado por una vulnerabilidad de inyecci\u00f3n de CSV, lo que permite a un atacante ejecutar c\u00f3digo remoto. La vulnerabilidad existe debido a una validaci\u00f3n de entrada insuficiente en la secci\u00f3n Idiomas. Etiqueta cualquier campo de par\u00e1metros en System Options que se utiliza para construir el archivo CSV."
}
],
"id": "CVE-2023-51302",
"lastModified": "2025-04-23T14:19:53.830",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-02-19T21:15:14.980",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"VDB Entry",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/176489/PHPJabbers-Hotel-Booking-System-4.0-CSV-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.phpjabbers.com/hotel-booking-system/#sectionDemo"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-19 21:15
Modified
2025-04-22 19:57
Severity ?
Summary
PHPJabbers Hotel Booking System v4.0 is vulnerable to Cross-Site Scripting (XSS) vulnerabilities in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key" parameters.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://packetstorm.news/files/id/176488 | Exploit, VDB Entry, Third Party Advisory | |
| cve@mitre.org | https://www.phpjabbers.com/hotel-booking-system/#sectionDemo | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpjabbers | hotel_booking_system | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpjabbers:hotel_booking_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7AC4C90-B643-4B17-89A3-DBE8B1338D4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHPJabbers Hotel Booking System v4.0 is vulnerable to Cross-Site Scripting (XSS) vulnerabilities in the \"name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key\" parameters."
},
{
"lang": "es",
"value": "PHPJabbers Hotel Booking System v4.0 es afectado por una vulnerabilidades de Cross-Site Scripting (XSS) en los par\u00e1metros \"name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key\"."
}
],
"id": "CVE-2023-51300",
"lastModified": "2025-04-22T19:57:43.537",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-02-19T21:15:14.727",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"VDB Entry",
"Third Party Advisory"
],
"url": "https://packetstorm.news/files/id/176488"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.phpjabbers.com/hotel-booking-system/#sectionDemo"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-28 13:15
Modified
2024-11-21 08:20
Severity ?
Summary
User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpjabbers | hotel_booking_system | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpjabbers:hotel_booking_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7AC4C90-B643-4B17-89A3-DBE8B1338D4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users."
}
],
"id": "CVE-2023-40760",
"lastModified": "2024-11-21T08:20:05.630",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-28T13:15:10.267",
"references": [
{
"source": "cve@mitre.org",
"url": "https://medium.com/%40mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.phpjabbers.com/hotel-booking-system/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://medium.com/%40mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.phpjabbers.com/hotel-booking-system/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-19 21:15
Modified
2025-04-24 15:01
Severity ?
Summary
A lack of rate limiting in the "Login Section, Forgot Email" feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://packetstorm.news/files/id/176486 | Exploit, VDB Entry, Third Party Advisory | |
| cve@mitre.org | https://www.phpjabbers.com/hotel-booking-system/#sectionDemo | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpjabbers | hotel_booking_system | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpjabbers:hotel_booking_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7AC4C90-B643-4B17-89A3-DBE8B1338D4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A lack of rate limiting in the \"Login Section, Forgot Email\" feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages."
},
{
"lang": "es",
"value": "La falta de limitaci\u00f3n de velocidad en la funci\u00f3n \"Login Section, Forgot Email\" de HPJabbers Hotel Booking System v4.0 permite a los atacantes enviar una cantidad excesiva de solicitudes de restablecimiento para un usuario leg\u00edtimo, lo que lleva a una posible denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una gran cantidad de mensajes de correo electr\u00f3nico generados."
}
],
"id": "CVE-2023-51301",
"lastModified": "2025-04-24T15:01:03.810",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-02-19T21:15:14.867",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"VDB Entry",
"Third Party Advisory"
],
"url": "https://packetstorm.news/files/id/176486"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.phpjabbers.com/hotel-booking-system/#sectionDemo"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-19 20:15
Modified
2025-04-22 19:59
Severity ?
Summary
PHPJabbers Hotel Booking System v4.0 is vulnerable to HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://packetstorm.news/files/id/176488 | Exploit, VDB Entry, Third Party Advisory | |
| cve@mitre.org | https://www.phpjabbers.com/hotel-booking-system/#sectionDemo | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpjabbers | hotel_booking_system | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpjabbers:hotel_booking_system:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7AC4C90-B643-4B17-89A3-DBE8B1338D4E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHPJabbers Hotel Booking System v4.0 is vulnerable to HTML Injection in the \"name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title\" parameters."
},
{
"lang": "es",
"value": "PHPJabbers Hotel Booking System v4.0 es vulnerable a la inyecci\u00f3n de HTML en los par\u00e1metros \"name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title\"."
}
],
"id": "CVE-2023-51299",
"lastModified": "2025-04-22T19:59:50.427",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-02-19T20:15:35.040",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"VDB Entry",
"Third Party Advisory"
],
"url": "https://packetstorm.news/files/id/176488"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.phpjabbers.com/hotel-booking-system/#sectionDemo"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2023-51297 (GCVE-0-2023-51297)
Vulnerability from cvelistv5
Published
2025-02-19 00:00
Modified
2025-02-19 20:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A lack of rate limiting in the 'Email Settings' feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-51297",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:07:26.379499Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:07:34.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A lack of rate limiting in the \u0027Email Settings\u0027 feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T19:37:23.731Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpjabbers.com/hotel-booking-system/#sectionDemo"
},
{
"url": "http://packetstormsecurity.com/files/176486/PHPJabbers-Hotel-Booking-System-4.0-Missing-Rate-Limiting.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51297",
"datePublished": "2025-02-19T00:00:00.000Z",
"dateReserved": "2023-12-18T00:00:00.000Z",
"dateUpdated": "2025-02-19T20:07:34.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51300 (GCVE-0-2023-51300)
Vulnerability from cvelistv5
Published
2025-02-19 00:00
Modified
2025-02-20 15:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
PHPJabbers Hotel Booking System v4.0 is vulnerable to Cross-Site Scripting (XSS) vulnerabilities in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key" parameters.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-51300",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T15:03:55.519586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T15:04:54.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PHPJabbers Hotel Booking System v4.0 is vulnerable to Cross-Site Scripting (XSS) vulnerabilities in the \"name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key\" parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:11:44.217Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpjabbers.com/hotel-booking-system/#sectionDemo"
},
{
"url": "https://packetstorm.news/files/id/176488"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51300",
"datePublished": "2025-02-19T00:00:00.000Z",
"dateReserved": "2023-12-18T00:00:00.000Z",
"dateUpdated": "2025-02-20T15:04:54.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51302 (GCVE-0-2023-51302)
Vulnerability from cvelistv5
Published
2025-02-19 00:00
Modified
2025-02-20 15:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
PHPJabbers Hotel Booking System v4.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-51302",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T14:59:01.592058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1236",
"description": "CWE-1236 Improper Neutralization of Formula Elements in a CSV File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T15:00:24.342Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PHPJabbers Hotel Booking System v4.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:14:59.724Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpjabbers.com/hotel-booking-system/#sectionDemo"
},
{
"url": "http://packetstormsecurity.com/files/176489/PHPJabbers-Hotel-Booking-System-4.0-CSV-Injection.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51302",
"datePublished": "2025-02-19T00:00:00.000Z",
"dateReserved": "2023-12-18T00:00:00.000Z",
"dateUpdated": "2025-02-20T15:00:24.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40760 (GCVE-0-2023-40760)
Vulnerability from cvelistv5
Published
2023-08-28 00:00
Modified
2024-10-02 15:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:46:10.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phpjabbers.com/hotel-booking-system/"
},
{
"tags": [
"x_transferred"
],
"url": "https://medium.com/%40mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40760",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T15:38:01.706580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:38:11.049Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-28T12:49:36.964254",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpjabbers.com/hotel-booking-system/"
},
{
"url": "https://medium.com/%40mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-40760",
"datePublished": "2023-08-28T00:00:00",
"dateReserved": "2023-08-22T00:00:00",
"dateUpdated": "2024-10-02T15:38:11.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51299 (GCVE-0-2023-51299)
Vulnerability from cvelistv5
Published
2025-02-19 00:00
Modified
2025-02-20 15:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
PHPJabbers Hotel Booking System v4.0 is vulnerable to HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-51299",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T15:05:51.473370Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T15:06:33.787Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PHPJabbers Hotel Booking System v4.0 is vulnerable to HTML Injection in the \"name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title\" parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T19:56:42.318Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpjabbers.com/hotel-booking-system/#sectionDemo"
},
{
"url": "https://packetstorm.news/files/id/176488"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51299",
"datePublished": "2025-02-19T00:00:00.000Z",
"dateReserved": "2023-12-18T00:00:00.000Z",
"dateUpdated": "2025-02-20T15:06:33.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51301 (GCVE-0-2023-51301)
Vulnerability from cvelistv5
Published
2025-02-19 00:00
Modified
2025-02-20 15:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A lack of rate limiting in the "Login Section, Forgot Email" feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-51301",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T15:01:26.632364Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T15:02:48.598Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A lack of rate limiting in the \"Login Section, Forgot Email\" feature of PHPJabbers Hotel Booking System v4.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:13:44.550Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpjabbers.com/hotel-booking-system/#sectionDemo"
},
{
"url": "https://packetstorm.news/files/id/176486"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51301",
"datePublished": "2025-02-19T00:00:00.000Z",
"dateReserved": "2023-12-18T00:00:00.000Z",
"dateUpdated": "2025-02-20T15:02:48.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}