PT-2025-5838 · Phpjabbers · Phpjabbers Cinema Booking System

Ahrixia · Published 2025-02-06 · Updated 2025-06-24 · CVE-2024-57429

CVSS v3.1: 5.4 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: PHPJabbers Cinema Booking System version 2.0
Description: A cross-site request forgery (CSRF) vulnerability in the pjActionUpdate function allows remote attackers to escalate privileges by tricking an authenticated admin into submitting an unauthorized request.
Recommendations: For PHPJabbers Cinema Booking System version 2.0, consider disabling the pjActionUpdate function until a patch is available to prevent exploitation. Restrict access to this function to minimize the risk of privilege escalation. Avoid using this function in scenarios where an authenticated admin may be tricked into submitting unauthorized requests. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit · LPE · CSRF

Weakness Enumeration

Related Identifiers: CVE-2024-57429

Affected Products: Phpjabbers Cinema Booking System