CVE-2023-51302

Name of the Vulnerable Software and Affected Versions PHPJabbers Hotel Booking System version 4.0

Description The PHPJabbers Hotel Booking System is affected by a CSV injection vulnerability, allowing an attacker to execute remote code. This issue exists due to insufficient input validation in the Languages section. Specifically, any parameters field in System Options used to construct the CSV file is vulnerable.

Recommendations For PHPJabbers Hotel Booking System version 4.0, consider disabling any parameters field in System Options that is used to construct the CSV file until a patch is available. Restrict access to the Languages section to minimize the risk of exploitation. Avoid using any fields in System Options that could be used to inject malicious CSV data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.