彙總 PHPJabbers 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 跨站腳本、SQL 注入、CSRF與路徑處理缺陷,在 軟體部署與生產負載 使用場景中可能帶來 工作階段劫持、資料外洩與檔案覆寫 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2023-53927 | PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads that will execute when administrators view the sections, potentially enabling client-side code execution. | [email protected] | 5.1 | 0.23% | 2025-12-17 | 2026-06-17 |
| CVE-2023-53926 | PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database information. | [email protected] | 8.7 | 0.51% | 2025-12-17 | 2026-06-17 |
| CVE-2023-53877 | Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickup_id parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to steal information from the database. | [email protected] | 9.3 | 0.39% | 2025-12-15 | 2026-06-17 |
| CVE-2025-10827 | A weakness has been identified in PHPJabbers Restaurant Menu Maker up to 1.1. Affected by this issue is some unknown functionality of the file /preview.php. This manipulation of the argument theme causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. | [email protected] | 2.1 | 0.32% | 2025-09-22 | 2026-06-17 |
| CVE-2023-51328 | PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "c_name, name" parameters. | [email protected] | 5.4 | 0.35% | 2025-05-08 | 2026-06-17 |
| CVE-2023-51295 | PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. | [email protected] | 6.5 | 0.31% | 2025-05-08 | 2026-06-17 |
| CVE-2023-51339 | A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Event Ticketing System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | [email protected] | 6.5 | 0.60% | 2025-02-20 | 2026-06-17 |
| CVE-2023-51338 | PHPJabbers Meeting Room Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters of index.php page. | [email protected] | 5.4 | 0.26% | 2025-02-20 | 2026-06-17 |
| CVE-2023-51337 | PHPJabbers Event Ticketing System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in "lid" parameter in index. | [email protected] | 5.4 | 0.31% | 2025-02-20 | 2026-06-17 |
| CVE-2023-51336 | PHPJabbers Meeting Room Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. | [email protected] | 8.8 | 0.58% | 2025-02-20 | 2026-06-17 |
| CVE-2023-51335 | PHPJabbers Cinema Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters. | [email protected] | 6.5 | 0.40% | 2025-02-20 | 2026-06-17 |
| CVE-2023-51334 | A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cinema Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | [email protected] | 5.3 | 0.54% | 2025-02-20 | 2026-06-17 |
| CVE-2023-51333 | PHPJabbers Cinema Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. | [email protected] | 8.8 | 0.77% | 2025-02-20 | 2026-06-17 |
| CVE-2023-51332 | A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Meeting Room Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | [email protected] | 4.3 | 0.38% | 2025-02-20 | 2026-06-17 |
| CVE-2023-51331 | PHPJabbers Cleaning Business Software v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. | [email protected] | 6.5 | 0.47% | 2025-02-20 | 2026-06-17 |
| CVE-2023-51330 | PHPJabbers Cinema Booking System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Now Showing menu "date" parameter. | [email protected] | 5.4 | 0.31% | 2025-02-20 | 2026-06-17 |
| CVE-2023-51327 | A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | [email protected] | 6.5 | 0.43% | 2025-02-20 | 2026-06-17 |
| CVE-2023-51326 | A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | [email protected] | 6.5 | 0.43% | 2025-02-20 | 2026-06-17 |
| CVE-2023-51325 | PHPJabbers Shared Asset Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters. | [email protected] | 5.4 | 0.38% | 2025-02-20 | 2026-06-17 |
| CVE-2023-51324 | PHPJabbers Shared Asset Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. | [email protected] | 6.5 | 0.39% | 2025-02-20 | 2026-06-17 |