PHPJabbers 漏洞與 CVE 列表(139)

產品(CPE): — CVE 數: 139

PHPJabbers 漏洞概覽

彙總 PHPJabbers 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

常見弱點模式包括 跨站腳本、SQL 注入、CSRF與路徑處理缺陷,在 軟體部署與生產負載 使用場景中可能帶來 工作階段劫持、資料外洩與檔案覆寫 等風險。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 120139 CVE 數
«« 第一頁 « 上一頁 第 1 / 7 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2023-53927 PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads that will execute when administrators view the sections, potentially enabling client-side code execution. [email protected] 5.1 0.23% 2025-12-17 2026-06-17
CVE-2023-53926 PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database information. [email protected] 8.7 0.51% 2025-12-17 2026-06-17
CVE-2023-53877 Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickup_id parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to steal information from the database. [email protected] 9.3 0.39% 2025-12-15 2026-06-17
CVE-2025-10827 A weakness has been identified in PHPJabbers Restaurant Menu Maker up to 1.1. Affected by this issue is some unknown functionality of the file /preview.php. This manipulation of the argument theme causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. [email protected] 2.1 0.32% 2025-09-22 2026-06-17
CVE-2023-51328 PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "c_name, name" parameters. [email protected] 5.4 0.35% 2025-05-08 2026-06-17
CVE-2023-51295 PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. [email protected] 6.5 0.31% 2025-05-08 2026-06-17
CVE-2023-51339 A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Event Ticketing System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. [email protected] 6.5 0.60% 2025-02-20 2026-06-17
CVE-2023-51338 PHPJabbers Meeting Room Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters of index.php page. [email protected] 5.4 0.26% 2025-02-20 2026-06-17
CVE-2023-51337 PHPJabbers Event Ticketing System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in "lid" parameter in index. [email protected] 5.4 0.31% 2025-02-20 2026-06-17
CVE-2023-51336 PHPJabbers Meeting Room Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. [email protected] 8.8 0.58% 2025-02-20 2026-06-17
CVE-2023-51335 PHPJabbers Cinema Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters. [email protected] 6.5 0.40% 2025-02-20 2026-06-17
CVE-2023-51334 A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cinema Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. [email protected] 5.3 0.54% 2025-02-20 2026-06-17
CVE-2023-51333 PHPJabbers Cinema Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. [email protected] 8.8 0.77% 2025-02-20 2026-06-17
CVE-2023-51332 A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Meeting Room Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. [email protected] 4.3 0.38% 2025-02-20 2026-06-17
CVE-2023-51331 PHPJabbers Cleaning Business Software v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. [email protected] 6.5 0.47% 2025-02-20 2026-06-17
CVE-2023-51330 PHPJabbers Cinema Booking System v1.0 is vulnerable to Reflected Cross-Site Scripting (XSS) in Now Showing menu "date" parameter. [email protected] 5.4 0.31% 2025-02-20 2026-06-17
CVE-2023-51327 A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. [email protected] 6.5 0.43% 2025-02-20 2026-06-17
CVE-2023-51326 A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. [email protected] 6.5 0.43% 2025-02-20 2026-06-17
CVE-2023-51325 PHPJabbers Shared Asset Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters. [email protected] 5.4 0.38% 2025-02-20 2026-06-17
CVE-2023-51324 PHPJabbers Shared Asset Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file. [email protected] 6.5 0.39% 2025-02-20 2026-06-17
«« 第一頁 « 上一頁 第 1 / 7 頁 下一頁 »
cvelogic Threat Intelligence