CVE-2023-51298

Name of the Vulnerable Software and Affected Versions PHPJabbers Event Booking Calendar version 4.0

Description The issue exists due to insufficient input validation on the Languages section Labels any parameters field in System Options that is used to construct a CSV file, allowing an attacker to execute remote code through CSV Injection.

Recommendations For PHPJabbers Event Booking Calendar version 4.0, as a temporary workaround, consider disabling the construction of CSV files from user-inputted data in the Languages section Labels any parameters field in System Options until a patch is available. Restrict access to the System Options to minimize the risk of exploitation. Avoid using the parameters field in the affected section until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.