Platform
php
Component
restaurant-table-booking-system
Fixed in
1.0.1
A cross-site scripting (XSS) vulnerability has been identified in PHPGurukul Restaurant Table Booking System version 1.0. It allows attackers to inject malicious scripts, potentially compromising user sessions and data. The affected component is the Reservation Request Handler, specifically the index.php file. A patch is available in version 1.0.1.
Successful exploitation of CVE-2023-6075 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to various malicious actions, including session hijacking, credential theft, and defacement of the application. An attacker could potentially gain access to sensitive user data, such as reservation details and personal information. The blast radius is limited to users interacting with the vulnerable Reservation Request Handler.
This vulnerability is publicly disclosed and assigned VDB-244944. No known active exploitation campaigns have been reported at the time of writing. The CVSS score is LOW, indicating a relatively low probability of exploitation in the absence of specific targeting. No KEV listing is present.
Restaurants and businesses utilizing PHPGurukul Restaurant Table Booking System version 1.0, particularly those with online reservation capabilities, are at risk. Shared hosting environments where multiple websites share the same server resources could also be affected if one site is vulnerable.
• php: Examine the index.php file for unsanitized user input used in output.
• generic web: Check access logs for unusual GET/POST requests containing suspicious JavaScript code.
• generic web: Use curl to test the reservation request endpoint with a simple XSS payload (e.g., `<script>alert(1)</script>`).
Exploit Status
disclosure
EPSS
0.07% (21st percentile)
CVSS Vector
The primary mitigation for CVE-2023-6075 is to upgrade to version 1.0.1 of the PHPGurukul Restaurant Table Booking System. If upgrading is not immediately feasible, consider implementing input validation and output encoding on the Reservation Request Handler to sanitize user-supplied data. While a WAF might offer some protection, it's not a substitute for patching. After upgrade, confirm the vulnerability is resolved by attempting to inject a simple XSS payload into the reservation request form.
Upgrade to a patched version or apply the necessary security measures to prevent XSS code injection in the index.php file. Validate and sanitize user input before displaying it on the page.
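As an added illustration of the workaround described above (this is not PHPGurukul's code; the project's index.php is not reproduced here), a hypothetical reservation request handler showing the raw-echo pattern beside a validated, output-encoded version. Field names, length limits and the sample request are assumed.

```php
<?php
// Added example, not the project's code: hypothetical reservation handler.
declare(strict_types=1);

/** Encode a value for safe insertion into HTML text or attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Validate reservation fields before they are stored or echoed (limits assumed). */
function validateReservation(array $input): array
{
    $errors = [];
    $name   = trim((string)($input['name'] ?? ''));
    $email  = trim((string)($input['email'] ?? ''));
    $date   = trim((string)($input['date'] ?? ''));
    $guests = (int)($input['guests'] ?? 0);

    if ($name === '' || strlen($name) > 100) { $errors[] = 'name'; }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) { $errors[] = 'email'; }
    if (!preg_match('/^(\d{4})-(\d{2})-(\d{2})$/', $date, $m)
        || !checkdate((int)$m[2], (int)$m[3], (int)$m[1])) { $errors[] = 'date'; }
    if ($guests < 1 || $guests > 20) { $errors[] = 'guests'; }

    return ['ok' => $errors === [], 'errors' => $errors,
            'name' => $name, 'email' => $email, 'date' => $date, 'guests' => $guests];
}

/** Vulnerable pattern: user-controlled values are echoed into the page unencoded. */
function renderUnsafe(array $r): string
{
    return '<p>Thank you, ' . $r['name'] . '. Table for ' . $r['guests'] . ' on ' . $r['date'] . '.</p>';
}

/** Hardened pattern: every user-controlled value passes through h() at output time. */
function renderSafe(array $r): string
{
    return '<p>Thank you, ' . h($r['name']) . '. Table for ' . h((string)$r['guests'])
         . ' on ' . h($r['date']) . '.</p>';
}

// Constructed sample request using the harmless test string from the advisory.
$sample = ['name' => '<script>alert(1)</script>', 'email' => 'guest@example.com',
           'date' => '2024-05-01', 'guests' => '4'];
$r = validateReservation($sample);
// Validation alone does not stop the injection: the name is well-formed but still markup.
echo renderUnsafe($r), PHP_EOL;  // script tag reaches the page as live markup
echo renderSafe($r), PHP_EOL;    // the same text is rendered as literal characters
```

Validation rejects malformed dates, e-mails and guest counts, but the fix the advisory describes is the output encoding in renderSafe(), which must be applied to every reflected field regardless of validation.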
CVE-2023-6075 is a cross-site scripting (XSS) vulnerability affecting PHPGurukul Restaurant Table Booking System version 1.0, allowing attackers to inject malicious scripts.
You are affected if you are using PHPGurukul Restaurant Table Booking System version 1.0. Upgrade to version 1.0.1 to mitigate the risk.
Upgrade to version 1.0.1 of the PHPGurukul Restaurant Table Booking System. Implement input validation and output encoding as a temporary workaround.
No active exploitation campaigns have been reported, but the vulnerability is publicly disclosed and could be targeted.
Refer to the PHPGurukul website or relevant security advisories for the official advisory regarding CVE-2023-6075.