PT-2023-30974 · Unknown · Shuttle Booking
Published
2023-12-06
·
Updated
2023-12-09
·
CVE-2023-48830
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Shuttle Booking Software version 2.0
Description
The issue concerns a CSV Injection vulnerability in the Languages section of the software, which can be exploited via an export.
Recommendations
For Shuttle Booking Software version 2.0, consider avoiding the export feature in the Languages section until a fix is available. As a temporary workaround, restrict access to the export functionality to minimize the risk of exploitation.
Exploit
Fix
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Shuttle Booking