CVE-2023-51298

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Published Feb 19, 2025

Updated: Feb 20, 2025

CWE ID 1236

Summary

CVE-2023-51298 is a newly disclosed vulnerability affecting the PHPJabbers Event Booking Calendar version 4.0. This issue permits an attacker to inject malicious code into the system through insufficient input validation on the Languages section's Labels any parameters field found in the System Options. Consequently, attackers can generate malicious CSV files that, when loaded, execute remote code. System administrators are advised to update their calendar software to mitigate this risk and ensure proper input validation is in place.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

PHPJabbers

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/t1znDL
https://www.cve.org/CVERecord?id=CVE-2023-51298
https://nvd.nist.gov/vuln/detail/CVE-2023-51298

Back to Vulnerability Database

CVE-2023-51298

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations