PT-2025-7302 · Phpjabbers · Phpjabbers Bus Reservation System

Published: 2025-02-20 · Updated: 2025-02-20 · CVE-2023-51319

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PHPJabbers Bus Reservation System version 1.1

Description

The issue allows an attacker to execute remote code due to insufficient input validation on any parameter field under Labels in the Languages section of System Options. The values of these fields are used to construct a CSV file, and the insufficient validation enables a CSV Injection vulnerability.

Recommendations

For PHPJabbers Bus Reservation System version 1.1, consider disabling the functionality that constructs CSV files from user-supplied data in System Options until a patch is available. Restrict access to the Languages section to minimize the risk of exploitation. Avoid using the parameters field in System Options that is used for CSV file construction until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Weakness Enumeration

Related Identifiers

CVE-2023-51319

Affected Products

Phpjabbers Bus Reservation System