CVEDB API

Vulnerabilities

Vulnerable Software

Phpjabbers: >> Cinema Booking System >> 2.0 Security Vulnerabilities

CVE-2024-57427

PHPJabbers Cinema Booking System v2.0 is vulnerable to reflected cross-site scripting (XSS). Multiple endpoints improperly handle user input, allowing malicious scripts to execute in a victim’s browser. Attackers can craft malicious links to steal session cookies or conduct phishing attacks.

CVSS Score

6.1

EPSS Score

0.001

Published

2025-02-06

CVE-2024-57428

A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields (event_img, seat_maps) and seat number configurations (number[new_X] in pjActionCreate). Attackers can inject persistent JavaScript, leading to phishing, malware injection, and session hijacking.

CVSS Score

9.3

EPSS Score

0.003

Published

2025-02-06

CVE-2024-57429

A cross-site request forgery (CSRF) vulnerability in the pjActionUpdate function of PHPJabbers Cinema Booking System v2.0 allows remote attackers to escalate privileges by tricking an authenticated admin into submitting an unauthorized request.

CVSS Score

5.4

EPSS Score

0.001

Published

2025-02-06

CVE-2024-57430

An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privilege escalation, or database manipulation.

CVSS Score

9.8

EPSS Score

0.003

Published

2025-02-06

Page 1

Vulnerabilities

Vulnerable Software

Phpjabbers: >> Cinema Booking System >> 2.0 Security Vulnerabilities

Products

Pricing

Contact Us