CVE-2023-51298: Input Validation
First published: Wed Feb 19 2025(Updated: )
PHPJabbers Event Booking Calendar v4.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHPJabbers Event Booking Calendar |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-51298?
CVE-2023-51298 is rated as a high severity vulnerability due to the potential for remote code execution.
How do I fix CVE-2023-51298?
To fix CVE-2023-51298, ensure proper input validation on the CSV generation fields and update to the latest version of PHPJabbers Event Booking Calendar if available.
What systems are affected by CVE-2023-51298?
CVE-2023-51298 affects PHPJabbers Event Booking Calendar version 4.0.
What type of vulnerability is CVE-2023-51298?
CVE-2023-51298 is a CSV Injection vulnerability which can lead to the execution of malicious code.
Can CVE-2023-51298 be exploited remotely?
Yes, CVE-2023-51298 can be exploited remotely due to insufficient input validation on the affected parameters.
- agent/references
- agent/description
- agent/type
- agent/author
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/tags
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/event
- vendor/phpjabbers
- canonical/phpjabbers event booking calendar