Vulnerabilities > Phpjabbers > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-07 | CVE-2023-48207 | Improper Neutralization of Formula Elements in a CSV File vulnerability in PHPjabbers Availability Booking Calendar 5.0 Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component. | 8.8 |
| 2023-12-07 | CVE-2023-48826 | Injection vulnerability in PHPjabbers Time Slots Booking Calendar 4.0 Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List. | 8.8 |
| 2023-12-07 | CVE-2023-48830 | Injection vulnerability in PHPjabbers Shuttle Booking Software 2.0 Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export. | 8.8 |
| 2023-12-07 | CVE-2023-48831 | Resource Exhaustion vulnerability in PHPjabbers Availability Booking Calendar 5.0 A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion. | 7.5 |
| 2023-12-07 | CVE-2023-48833 | Resource Exhaustion vulnerability in PHPjabbers Time Slots Booking Calendar 4.0 A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion. | 7.5 |
| 2023-12-07 | CVE-2023-48834 | Resource Exhaustion vulnerability in PHPjabbers CAR Rental Script 3.0 A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource exhaustion. | 7.5 |
| 2023-12-07 | CVE-2023-48835 | Injection vulnerability in PHPjabbers CAR Rental Script 3.0 Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. | 8.8 |
| 2023-12-07 | CVE-2023-48840 | Resource Exhaustion vulnerability in PHPjabbers Appointment Scheduler 3.0 A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion. | 7.5 |
| 2023-12-07 | CVE-2023-48841 | Injection vulnerability in PHPjabbers Appointment Scheduler 3.0 Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. | 8.8 |
| 2023-10-12 | CVE-2023-43147 | Cross-Site Request Forgery (CSRF) vulnerability in PHPjabbers Limo Booking Software 1.0 PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI. | 8.8 |