CVE-2023-6075 · CVSS 3.5 · LOW

PHPGurukul Restaurant Table Booking System Reservation Request index.php cross site scripting


Platform

php

Component

restaurant-table-booking-system

Fixed in

1.0.1

AI Confidence: high · NVD · EPSS 0.1% · Reviewed: May 2026

A problematic cross-site scripting (XSS) vulnerability has been identified in PHPGurukul Restaurant Table Booking System version 1.0 (affected range 1.0 through 1.0). This vulnerability allows attackers to inject malicious scripts, potentially compromising user sessions and data. The affected component is the Reservation Request Handler, specifically the index.php file. A patch is available in version 1.0.1.

Impact and Attack Scenarios

Successful exploitation of CVE-2023-6075 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to various malicious actions, including session hijacking, credential theft, and defacement of the application. An attacker could potentially gain access to sensitive user data, such as reservation details and personal information. The blast radius is limited to users interacting with the vulnerable Reservation Request Handler.

Exploitation Context

This vulnerability is publicly disclosed and assigned VDB-244944. No known active exploitation campaigns have been reported at the time of writing. The CVSS score is LOW, indicating a relatively low probability of exploitation in the absence of specific targeting. No KEV listing is present.

Who Is at Risk

Restaurants and businesses utilizing PHPGurukul Restaurant Table Booking System version 1.0, particularly those with online reservation capabilities, are at risk. Shared hosting environments where multiple websites share the same server resources could also be affected if one site is vulnerable.

Detection Steps

• php: Examine the index.php file for unsanitized user input used in output.
• generic web: Check access logs for unusual GET/POST requests containing suspicious JavaScript code.
• generic web: Use curl to test the reservation request endpoint with a simple XSS payload (e.g., `<script>alert(1)</script>`).
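The second detection step, checking access logs for requests carrying script fragments, is easy to automate. The script below is an added example written for this page, not part of the advisory or of the PHPGurukul project: it parses combined-format access log lines, URL-decodes the request target (including a second layer of encoding), and flags requests to the reservation endpoint that match common reflected-XSS probe signatures. The three log lines are constructed, and the `/index.php` path and the `name` parameter are assumptions about the deployment.

```php
<?php
// Added example (not part of the advisory): flag access-log requests to the
// reservation endpoint that carry script fragments. Sample lines are constructed.

declare(strict_types=1);

// Labelled signatures of common reflected-XSS probes.
const XSS_PATTERNS = [
    'script-tag'     => '/<\s*script/i',          // opening <script tag
    'javascript-uri' => '/javascript\s*:/i',      // javascript: URL scheme
    'event-handler'  => '/\bon[a-z]+\s*=/i',      // onerror=, onload=, ...
    'html-injection' => '/<\s*(img|svg|iframe)\b/i', // tags that usually carry handlers
];

// Parse one combined-format line into the fields we care about; null if it
// does not look like an access-log line.
function parseAccessLine(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    return ['ip' => $m[1], 'time' => $m[2], 'method' => $m[3],
            'target' => $m[4], 'status' => (int) $m[5]];
}

// Undo up to two layers of %-encoding, then test every signature.
function findXssIndicators(string $target): array
{
    $decoded = $target;
    for ($i = 0; $i < 2; $i++) {
        $next = rawurldecode($decoded);
        if ($next === $decoded) {
            break;
        }
        $decoded = $next;
    }
    $hits = [];
    foreach (XSS_PATTERNS as $label => $pattern) {
        if (preg_match($pattern, $decoded)) {
            $hits[] = $label;
        }
    }
    return $hits;
}

// Return one alert string per suspicious request to $endpoint (assumed path).
function scanLog(array $lines, string $endpoint = '/index.php'): array
{
    $alerts = [];
    foreach ($lines as $line) {
        $req = parseAccessLine($line);
        if ($req === null || strpos($req['target'], $endpoint) !== 0) {
            continue;
        }
        $hits = findXssIndicators($req['target']);
        if ($hits !== []) {
            $alerts[] = sprintf('%s %s %s %s -> %s', $req['time'], $req['ip'],
                $req['method'], $req['target'], implode(', ', $hits));
        }
    }
    return $alerts;
}

// Constructed sample: one benign request, one plain probe, one URL-encoded probe.
$sampleLog = [
    '203.0.113.5 - - [10/Nov/2023:10:00:01 +0000] "GET /index.php?name=Alice HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Nov/2023:10:00:02 +0000] "GET /index.php?name=<script>alert(1)</script> HTTP/1.1" 200 640 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Nov/2023:10:00:03 +0000] "GET /index.php?name=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 640 "-" "curl/8.0"',
];

foreach (scanLog($sampleLog) as $alert) {
    echo $alert, PHP_EOL;
}
```

Run it with `php scan.php`; the first sample line is ignored and the other two are reported with the signature labels that matched. Two caveats for real use: access logs only record the request line, so payloads submitted in a POST body (the normal path for a reservation form) never appear there and need application-level logging or a WAF log instead; and the `\bon[a-z]+=` signature is deliberately anchored on a word boundary so ordinary parameters such as `confirmation=` do not trigger it.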

Attack Timeline

  1. Disclosure

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet Exposure: High

EPSS

0.07% (percentile 21%)

CVSS Vector

THREAT INTELLIGENCE · CVSS 3.1

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Base score: 3.5 (LOW)

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit)
Privileges Required: Low (level of authentication required)
User Interaction: Required (whether a victim action is required)
Scope: Unchanged (impact beyond the affected component)
Confidentiality: None (risk of sensitive data exposure)
Integrity: Low (risk of unauthorised data modification)
Availability: None (risk of service interruption)

Source: nextguardhq.com · CVSS v3.1 base score
What do these metrics mean?
Attack Vector
Network: exploitable remotely over the internet. No physical or local access required.
Attack Complexity
Low: no special conditions required. Reliably exploitable.
Privileges Required
Low: any valid user account is sufficient.
User Interaction
Required: the victim must open a file, click a link, or visit a page.
Scope
Unchanged: impact limited to the vulnerable component.
Confidentiality
None: no impact on confidentiality.
Integrity
Low: the attacker can modify some data with limited impact.
Availability
None: no impact on availability.

Affected Software

Component: restaurant-table-booking-system
Vendor: PHPGurukul
Affected range: 1.0 – 1.0
Fixed in: 1.0.1

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2023-6075 is to upgrade to version 1.0.1 of the PHPGurukul Restaurant Table Booking System. If upgrading is not immediately feasible, consider implementing input validation and output encoding on the Reservation Request Handler to sanitize user-supplied data. While a WAF might offer some protection, it's not a substitute for patching. After upgrade, confirm the vulnerability is resolved by attempting to inject a simple XSS payload into the reservation request form.
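The interim workaround above, input validation plus output encoding on the reservation handler, looks like this in practice. The code below is an added example written for this page; it is not PHPGurukul's index.php (which the advisory does not reproduce) and not the vendor's 1.0.1 fix. It shows a minimal handler that echoes a submitted reservation back to the user, first in the shape that produces reflected XSS, then hardened. The field names `name`, `email` and `phone` and the confirmation wording are assumptions; the sample request is constructed.

```php
<?php
// Added example (not PHPGurukul code): a reservation-request handler that
// echoes submitted fields back, shown as the XSS-prone pattern and then
// hardened with validation and context-aware output encoding.
// Field names are assumptions; the project's index.php may differ.

declare(strict_types=1);

// VULNERABLE pattern: untrusted input concatenated straight into HTML.
function renderConfirmationVulnerable(array $post): string
{
    $name = $post['name'] ?? '';
    return '<p>Thank you, ' . $name . '! Your request has been received.</p>';
}

// Input validation: enforce shape and length before storing or displaying.
// Returns the normalised fields plus a list of validation errors.
function validateReservation(array $post): array
{
    $errors = [];

    $name = trim((string) ($post['name'] ?? ''));
    if ($name === '' || strlen($name) > 100) {
        $errors[] = 'name must be 1-100 bytes';
    }

    $email = trim((string) ($post['email'] ?? ''));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not valid';
    }

    $phone = trim((string) ($post['phone'] ?? ''));
    if (!preg_match('/^\+?[0-9 ()-]{6,20}$/', $phone)) {
        $errors[] = 'phone may contain only digits, spaces, parentheses, + and -';
    }

    return ['errors' => $errors, 'name' => $name, 'email' => $email, 'phone' => $phone];
}

// Output encoding for the HTML text/attribute context. ENT_QUOTES also
// escapes single quotes so the helper is safe inside quoted attributes.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// HARDENED handler: validate first, then encode every untrusted value on output.
// Validation alone is not enough (a legitimate name may contain an apostrophe
// or an ampersand), so encoding is applied even to fields that passed.
function renderConfirmationHardened(array $post): string
{
    $v = validateReservation($post);
    if ($v['errors'] !== []) {
        $items = array_map(fn (string $e): string => '<li>' . h($e) . '</li>', $v['errors']);
        return '<ul class="errors">' . implode('', $items) . '</ul>';
    }
    return '<p>Thank you, ' . h($v['name']) . '! We will confirm at '
        . h($v['email']) . ' or ' . h($v['phone']) . '.</p>';
}

// Constructed sample request with a script tag in the name field.
$sampleRequest = [
    'name'  => '<script>alert(1)</script>',
    'email' => 'guest@example.com',
    'phone' => '+1 555 0100',
];

echo "Vulnerable:\n", renderConfirmationVulnerable($sampleRequest), PHP_EOL;
echo "Hardened:\n", renderConfirmationHardened($sampleRequest), PHP_EOL;
```

Running `php handler.php` shows the vulnerable output containing a live `<script>` element, while the hardened output carries the same text with `<` and `>` turned into entities, so the browser displays the tag instead of executing it. Two notes on the design: `validateReservation` rejects rather than "cleans" input, because stripping tags is fragile and still leaves other output contexts unprotected; and `h()` must be chosen per context, so a value placed inside a `<script>` block or a URL would need JSON or URL encoding rather than `htmlspecialchars`.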

How to fix

Update to a patched version or apply the necessary security measures to prevent XSS code injection in the index.php file. Validate and sanitize user input before displaying it on the page.


Frequently Asked Questions

What is CVE-2023-6075 — XSS in Restaurant Table Booking System?

CVE-2023-6075 is a cross-site scripting (XSS) vulnerability affecting PHPGurukul Restaurant Table Booking System versions 1.0–1.0, allowing attackers to inject malicious scripts.

Am I affected by CVE-2023-6075 in Restaurant Table Booking System?

You are affected if you are using PHPGurukul Restaurant Table Booking System version 1.0. Upgrade to version 1.0.1 to mitigate the risk.

How do I fix CVE-2023-6075 in Restaurant Table Booking System?

Upgrade to version 1.0.1 of the PHPGurukul Restaurant Table Booking System. Implement input validation and output encoding as a temporary workaround.

Is CVE-2023-6075 being actively exploited?

No active exploitation campaigns have been reported, but the vulnerability is publicly disclosed and could be targeted.

Where can I find the official Restaurant Table Booking System advisory for CVE-2023-6075?

Refer to the PHPGurukul website or relevant security advisories for the official advisory regarding CVE-2023-6075.
