CVE-2023-51320

Name of the Vulnerable Software and Affected Versions PHPJabbers Night Club Booking Software version 1.0

Description The issue is related to a CSV injection vulnerability that allows an attacker to execute remote code. This vulnerability exists due to insufficient input validation in the Languages section. Specifically, it involves labels and any parameters field in System Options used to construct the CSV file, such as username or language id.

Recommendations For PHPJabbers Night Club Booking Software version 1.0, as a temporary workaround, consider disabling the construction of CSV files from user-inputted data in the System Options until a patch is available. Restrict access to the Languages section to minimize the risk of exploitation. Avoid using parameters that are used to construct the CSV file in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.