PT-2023-28717 · Phpjabbers · Phpjabbers Limo Booking
Minotauro2020 · Published 2023-10-12 · Updated 2023-10-18 · CVE-2023-43147
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PHPJabbers Limo Booking Software version 1.0
Description
A Cross-Site Request Forgery (CSRF) issue in the Add Users function allows an admin user to be added. The affected URI is "index.php?controller=pjAdminUsers&action=pjActionCreate".
Recommendations
For PHPJabbers Limo Booking Software version 1.0, consider disabling the Add Users Function until a patch is available to prevent exploitation. Restrict access to the "index.php?controller=pjAdminUsers&action=pjActionCreate" URI to minimize the risk of CSRF attacks.
Exploit
Fix
CSRF
Affected Products
Phpjabbers Limo Booking