PHPJabbers 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk cross-site scripting、vendor risk sql injection、vendor risk csrf, and パス処理の欠陥 があり、vendor surface software deployment の利用場面で vendor impact session compromise、vendor impact data exposure, and ファイル上書き などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-53927 | PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads that will execute when administrators view the sections, potentially enabling client-side code execution. | [email protected] | 5.1 | 0.02% | 2025-12-17 | 2025-12-27 |
| CVE-2023-53926 | PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database information. | [email protected] | 8.7 | 0.27% | 2025-12-17 | 2025-12-24 |
| CVE-2023-53877 | Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickup_id parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to steal information from the database. | [email protected] | 9.3 | 0.03% | 2025-12-15 | 2025-12-18 |
| CVE-2025-10827 | A weakness has been identified in PHPJabbers Restaurant Menu Maker up to 1.1. Affected by this issue is some unknown functionality of the file /preview.php. This manipulation of the argument theme causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. | [email protected] | 2.1 | 0.06% | 2025-09-23 | 2026-04-29 |
| CVE-2023-51328 | PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "c_name, name" parameters. | [email protected] | 5.4 | 0.29% | 2025-05-08 | 2025-11-04 |
| CVE-2023-51295 | PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. | [email protected] | 6.5 | 0.31% | 2025-05-08 | 2025-11-04 |
| CVE-2023-51339 | A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Event Ticketing System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | [email protected] | 6.5 | 0.22% | 2025-02-20 | 2025-11-04 |
| CVE-2023-51338 | PHPJabbers Meeting Room Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters of index.php page. | [email protected] | 5.4 | 0.12% | 2025-02-20 | 2025-11-04 |
| CVE-2023-51337 | PHPJabbers Event Ticketing System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in "lid" parameter in index. | [email protected] | 5.4 | 0.12% | 2025-02-20 | 2025-11-04 |
| CVE-2023-51336 | PHPJabbers Meeting Room Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. | [email protected] | 8.8 | 0.14% | 2025-02-20 | 2025-11-04 |
| CVE-2023-51335 | PHPJabbers Cinema Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters. | [email protected] | 6.5 | 0.08% | 2025-02-20 | 2025-11-04 |
| CVE-2023-51334 | A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cinema Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | [email protected] | 5.3 | 0.07% | 2025-02-20 | 2025-11-04 |
| CVE-2023-51333 | PHPJabbers Cinema Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. | [email protected] | 8.8 | 0.05% | 2025-02-20 | 2025-11-04 |
| CVE-2023-51332 | A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Meeting Room Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | [email protected] | 4.3 | 0.12% | 2025-02-20 | 2025-11-04 |
| CVE-2023-51331 | PHPJabbers Cleaning Business Software v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. | [email protected] | 6.5 | 0.13% | 2025-02-20 | 2025-11-04 |
| CVE-2023-51330 | PHPJabbers Cinema Booking System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Now Showing menu "date" parameter. | [email protected] | 5.4 | 0.10% | 2025-02-20 | 2025-11-04 |
| CVE-2023-51327 | A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | [email protected] | 6.5 | 0.12% | 2025-02-20 | 2025-11-04 |
| CVE-2023-51326 | A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | [email protected] | 6.5 | 0.12% | 2025-02-20 | 2025-11-04 |
| CVE-2023-51325 | PHPJabbers Shared Asset Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters. | [email protected] | 5.4 | 0.07% | 2025-02-20 | 2025-11-04 |
| CVE-2023-51324 | PHPJabbers Shared Asset Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. | [email protected] | 6.5 | 0.13% | 2025-02-20 | 2025-11-04 |