Vulnerabilites related to phpjabbers - restaurant_booking_system
Vulnerability from fkie_nvd
Published
2025-02-20 15:15
Modified
2025-04-24 15:01
Severity ?
Summary
PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "seat_name, plugin_sms_api_key, plugin_sms_country_code, title, name" parameters.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://packetstorm.news/files/id/176493 | Exploit, VDB Entry, Third Party Advisory | |
| cve@mitre.org | https://www.phpjabbers.com/restaurant-booking-system/#sectionDemo | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://packetstorm.news/files/id/176493 | Exploit, VDB Entry, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpjabbers | restaurant_booking_system | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpjabbers:restaurant_booking_system:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11956F41-0164-4C1D-88E0-60ED8EEEE8B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the \"seat_name, plugin_sms_api_key, plugin_sms_country_code, title, name\" parameters."
},
{
"lang": "es",
"value": "PHPJabbers Restaurant Booking System v3.0 es vulnerable a m\u00faltiples Cross-Site Scripting (XSS) Almacenado en los par\u00e1metros \"seat_name, plugin_sms_api_key, plugin_sms_country_code, title, name\"."
}
],
"id": "CVE-2023-51315",
"lastModified": "2025-04-24T15:01:46.927",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-02-20T15:15:12.680",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"VDB Entry",
"Third Party Advisory"
],
"url": "https://packetstorm.news/files/id/176493"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.phpjabbers.com/restaurant-booking-system/#sectionDemo"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"VDB Entry",
"Third Party Advisory"
],
"url": "https://packetstorm.news/files/id/176493"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-20 15:15
Modified
2025-04-24 15:01
Severity ?
Summary
A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Restaurant Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://packetstorm.news/files/id/176496 | Exploit, VDB Entry, Third Party Advisory | |
| cve@mitre.org | https://www.phpjabbers.com/restaurant-booking-system/#sectionDemo | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpjabbers | restaurant_booking_system | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpjabbers:restaurant_booking_system:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11956F41-0164-4C1D-88E0-60ED8EEEE8B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A lack of rate limiting in the \u0027Forgot Password\u0027, \u0027Email Settings\u0027 feature of PHPJabbers Restaurant Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages."
},
{
"lang": "es",
"value": "La falta de limitaci\u00f3n de velocidad en las funciones \u0027Forgot Password\u0027, \u0027Email Settings\u0027 de PHPJabbers Restaurant Booking System v3.0 permite a los atacantes enviar una cantidad excesiva de correo electr\u00f3nico a un usuario leg\u00edtimo, lo que lleva a una posible denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una gran cantidad de mensajes de correo electr\u00f3nico generados."
}
],
"id": "CVE-2023-51314",
"lastModified": "2025-04-24T15:01:29.497",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-02-20T15:15:12.563",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"VDB Entry",
"Third Party Advisory"
],
"url": "https://packetstorm.news/files/id/176496"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.phpjabbers.com/restaurant-booking-system/#sectionDemo"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-20 15:15
Modified
2025-04-23 13:39
Severity ?
Summary
PHPJabbers Restaurant Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/176498/PHPJabbers-Restaurant-Booking-System-3.0-CSV-Injection.html | Exploit, VDB Entry, Third Party Advisory | |
| cve@mitre.org | https://www.phpjabbers.com/restaurant-booking-system/#sectionDemo | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpjabbers | restaurant_booking_system | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpjabbers:restaurant_booking_system:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11956F41-0164-4C1D-88E0-60ED8EEEE8B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHPJabbers Restaurant Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file."
},
{
"lang": "es",
"value": "PHPJabbers Restaurant Booking System v3.0 es afectado por una vulnerabilidad de inyecci\u00f3n CSV que permite a un atacante ejecutar c\u00f3digo remoto. La vulnerabilidad existe debido a una validaci\u00f3n de entrada insuficiente en la secci\u00f3n Idiomas Etiqueta cualquier campo de par\u00e1metros en System Options que se utiliza para construir el archivo CSV."
}
],
"id": "CVE-2023-51313",
"lastModified": "2025-04-23T13:39:30.370",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-02-20T15:15:12.437",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"VDB Entry",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/176498/PHPJabbers-Restaurant-Booking-System-3.0-CSV-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.phpjabbers.com/restaurant-booking-system/#sectionDemo"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-20 16:15
Modified
2025-04-22 14:10
Severity ?
Summary
PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://packetstorm.news/files/id/176493 | Exploit, VDB Entry, Third Party Advisory | |
| cve@mitre.org | https://www.phpjabbers.com/restaurant-booking-system/#sectionDemo | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpjabbers | restaurant_booking_system | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpjabbers:restaurant_booking_system:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11956F41-0164-4C1D-88E0-60ED8EEEE8B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple HTML Injection in the \"name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title\" parameters."
},
{
"lang": "es",
"value": "PHPJabbers Restaurant Booking System v3.0 es vulnerable a la inyecci\u00f3n de HTML m\u00faltiple en los par\u00e1metros \"name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title\"."
}
],
"id": "CVE-2023-51317",
"lastModified": "2025-04-22T14:10:46.450",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-02-20T16:15:34.600",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"VDB Entry",
"Third Party Advisory"
],
"url": "https://packetstorm.news/files/id/176493"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.phpjabbers.com/restaurant-booking-system/#sectionDemo"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-20 15:15
Modified
2025-04-23 13:46
Severity ?
Summary
PHPJabbers Restaurant Booking System v3.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Reservations menu, Schedule section date parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://packetstorm.news/files/id/176493 | Exploit, VDB Entry, Third Party Advisory | |
| cve@mitre.org | https://www.phpjabbers.com/restaurant-booking-system/#sectionDemo | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://packetstorm.news/files/id/176493 | Exploit, VDB Entry, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phpjabbers | restaurant_booking_system | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phpjabbers:restaurant_booking_system:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11956F41-0164-4C1D-88E0-60ED8EEEE8B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHPJabbers Restaurant Booking System v3.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Reservations menu, Schedule section date parameter."
},
{
"lang": "es",
"value": "PHPJabbers Restaurant Booking System v3.0 es vulnerable a Cross-Site Scripting (XSS) Reflejado en el men\u00fa Reservas, secci\u00f3n Programaci\u00f3n, par\u00e1metro de fecha."
}
],
"id": "CVE-2023-51312",
"lastModified": "2025-04-23T13:46:26.907",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-02-20T15:15:12.293",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"VDB Entry",
"Third Party Advisory"
],
"url": "https://packetstorm.news/files/id/176493"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.phpjabbers.com/restaurant-booking-system/#sectionDemo"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"VDB Entry",
"Third Party Advisory"
],
"url": "https://packetstorm.news/files/id/176493"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2023-51315 (GCVE-0-2023-51315)
Vulnerability from cvelistv5
Published
2025-02-20 00:00
Modified
2025-02-20 17:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "seat_name, plugin_sms_api_key, plugin_sms_country_code, title, name" parameters.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-51315",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T17:12:59.041576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T17:13:54.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://packetstorm.news/files/id/176493"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the \"seat_name, plugin_sms_api_key, plugin_sms_country_code, title, name\" parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T14:34:39.916Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpjabbers.com/restaurant-booking-system/#sectionDemo"
},
{
"url": "https://packetstorm.news/files/id/176493"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51315",
"datePublished": "2025-02-20T00:00:00.000Z",
"dateReserved": "2023-12-18T00:00:00.000Z",
"dateUpdated": "2025-02-20T17:13:54.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51312 (GCVE-0-2023-51312)
Vulnerability from cvelistv5
Published
2025-02-20 00:00
Modified
2025-02-20 17:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
PHPJabbers Restaurant Booking System v3.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Reservations menu, Schedule section date parameter.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-51312",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T17:14:08.739529Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T17:14:32.390Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://packetstorm.news/files/id/176493"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PHPJabbers Restaurant Booking System v3.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Reservations menu, Schedule section date parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T14:30:33.943Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpjabbers.com/restaurant-booking-system/#sectionDemo"
},
{
"url": "https://packetstorm.news/files/id/176493"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51312",
"datePublished": "2025-02-20T00:00:00.000Z",
"dateReserved": "2023-12-18T00:00:00.000Z",
"dateUpdated": "2025-02-20T17:14:32.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51313 (GCVE-0-2023-51313)
Vulnerability from cvelistv5
Published
2025-02-20 00:00
Modified
2025-02-21 17:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
PHPJabbers Restaurant Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-51313",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-21T17:46:05.582306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-21T17:46:52.712Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PHPJabbers Restaurant Booking System v3.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T14:30:57.912Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpjabbers.com/restaurant-booking-system/#sectionDemo"
},
{
"url": "http://packetstormsecurity.com/files/176498/PHPJabbers-Restaurant-Booking-System-3.0-CSV-Injection.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51313",
"datePublished": "2025-02-20T00:00:00.000Z",
"dateReserved": "2023-12-18T00:00:00.000Z",
"dateUpdated": "2025-02-21T17:46:52.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51314 (GCVE-0-2023-51314)
Vulnerability from cvelistv5
Published
2025-02-20 00:00
Modified
2025-02-21 17:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Restaurant Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-51314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-21T17:44:39.910136Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-21T17:45:12.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A lack of rate limiting in the \u0027Forgot Password\u0027, \u0027Email Settings\u0027 feature of PHPJabbers Restaurant Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T14:33:54.205Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpjabbers.com/restaurant-booking-system/#sectionDemo"
},
{
"url": "https://packetstorm.news/files/id/176496"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51314",
"datePublished": "2025-02-20T00:00:00.000Z",
"dateReserved": "2023-12-18T00:00:00.000Z",
"dateUpdated": "2025-02-21T17:45:12.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-51317 (GCVE-0-2023-51317)
Vulnerability from cvelistv5
Published
2025-02-20 00:00
Modified
2025-02-21 19:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-51317",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-21T19:36:58.312094Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-21T19:38:33.214Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PHPJabbers Restaurant Booking System v3.0 is vulnerable to Multiple HTML Injection in the \"name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title\" parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T15:11:08.659Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.phpjabbers.com/restaurant-booking-system/#sectionDemo"
},
{
"url": "https://packetstorm.news/files/id/176493"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-51317",
"datePublished": "2025-02-20T00:00:00.000Z",
"dateReserved": "2023-12-18T00:00:00.000Z",
"dateUpdated": "2025-02-21T19:38:33.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}