29 matches found
EUVD-2024-53585
Malicious code in bioql PyPI...
EUVD-2024-53582
Malicious code in bioql PyPI...
CVE-2023-51334
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cinema Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...
CVE-2023-51330
PHPJabbers Cinema Booking System v1.0 is vulnerable to Reflected Cross-Site Scripting XSS in Now Showing menu "date" parameter...
CVE-2023-51335
PHPJabbers Cinema Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting XSS in the "title, name" parameters...
CVE-2023-51333
PHPJabbers Cinema Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used to construct CSV file...
CVE-2023-51334
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cinema Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...
CVE-2023-51330
PHPJabbers Cinema Booking System v1.0 is vulnerable to Reflected Cross-Site Scripting XSS in Now Showing menu "date" parameter...
CVE-2024-57430
An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privilege escalation, or database manipulation...
CVE-2024-57429
A cross-site request forgery CSRF vulnerability in the pjActionUpdate function of PHPJabbers Cinema Booking System v2.0 allows remote attackers to escalate privileges by tricking an authenticated admin into submitting an unauthorized request...
CVE-2024-57428
A stored cross-site scripting XSS vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields eventimg, seatmaps and seat number configurations numbernewX in pjActionCreate. Attackers can inject persistent JavaScript, leading to phishing, malware...
CVE-2024-57428
A stored cross-site scripting XSS vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields eventimg, seatmaps and seat number configurations numbernewX in pjActionCreate. Attackers can inject persistent JavaScript, leading to phishing, malware...
CVE-2024-57429
A cross-site request forgery CSRF vulnerability in the pjActionUpdate function of PHPJabbers Cinema Booking System v2.0 allows remote attackers to escalate privileges by tricking an authenticated admin into submitting an unauthorized request...
PT-2025-5832 · Phpjabbers · Phpjabbers Cinema Booking System
Name of the Vulnerable Software and Affected Versions: PHPJabbers Cinema Booking System version 2.0 Description: A stored cross-site scripting XSS issue exists due to unsanitized input in file upload fields event img, seat maps and seat number configurations numbernew X in pjActionCreate. This...
CVE-2024-57427
CVE-2024-57427 affects PHPJabbers Cinema Booking System version 2.0.0. The vulnerability is a reflected XSS in multiple endpoints that improperly handle user input, enabling attackers to craft links or requests to execute scripts in a victim’s browser. Documented impacts include potential theft o...
CVE-2024-57430
CVE-2024-57430 affects PHPJabbers Cinema Booking System v2.0. The vulnerability is an SQL injection in the pjActionGetUser function, exploitable via the column parameter, enabling manipulation of database queries and potentially leading to unauthorized data disclosure, privilege escalation, or da...
PHPJabbers Cinema Booking System 安全漏洞
PHPJabbers Cinema Booking System is a theater booking system from PHPJabbers. A security vulnerability exists in PHPJabbers Cinema Booking System version v2.0, which originates from an SQL injection vulnerability contained in the pjActionGetUser function...
PHPJabbers Cinema Booking System 安全漏洞
PHPJabbers Cinema Booking System is a theater booking system from PHPJabbers. A security vulnerability exists in PHPJabbers Cinema Booking System version v2.0, which stems from the inclusion of a reflected cross-site scripting vulnerability...
CVE-2024-57428
A stored cross-site scripting XSS vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields eventimg, seatmaps and seat number configurations numbernewX in pjActionCreate. Attackers can inject persistent JavaScript, leading to phishing, malware...
CVE-2024-57429
A cross-site request forgery CSRF vulnerability in the pjActionUpdate function of PHPJabbers Cinema Booking System v2.0 allows remote attackers to escalate privileges by tricking an authenticated admin into submitting an unauthorized request...