CVE-2023-51311

Name of the Vulnerable Software and Affected Versions PHPJabbers Car Park Booking System version 3.0

Description The issue is related to a CSV injection vulnerability that allows an attacker to execute remote code. This vulnerability exists due to insufficient input validation in the Languages section. Specifically, any parameters field in System Options used to construct the CSV file is affected.

Recommendations For PHPJabbers Car Park Booking System version 3.0, consider disabling the functionality that allows user input to be used in constructing CSV files until a patch is available. Restrict access to the System Options and Languages section to minimize the risk of exploitation. Avoid using any parameters field in System Options that is used to construct the CSV file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.