CVE-2023-48835

8.8 HIGH

📋 TL;DR

Car Rental Script v3.0 (PHPJabbers) writes label values into the CSV produced by Language > Labels > Export without neutralising spreadsheet formula characters. An authenticated user who can edit labels (normally an administrator account) can store a value that begins with =, +, -, @, tab or carriage return; when another administrator exports the labels and opens the file in Excel, LibreOffice Calc or Google Sheets, that cell is evaluated as a formula, which can leak cell contents to an attacker URL or, where the spreadsheet still permits DDE or external application launch, run a command on the workstation. The web server itself is not compromised; the impact lands on whoever opens the export. Every v3.0 install with the export feature reachable is affected.

💻 Affected Systems

Products:
  • Car Rental Script
Versions: v3.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The payload is stored through the label editor and delivered by Language > Labels > Export, so the attacker needs label-edit rights and a victim who opens the export in a spreadsheet; both functions are normally limited to administrators.

📦 What is this software?

Car Rental Script is a commercial PHP web application from PHPJabbers (the vendor linked under Fix & Mitigation) for taking and managing vehicle rental bookings. Administrators customise the interface text through Language > Labels, and the Export function there writes those label values to a CSV file.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Command execution on the workstation of the administrator who opens the export: a DDE payload such as =cmd|' /C calc'!A0 launches a process if the spreadsheet still allows DDE or external application launch and the user accepts the prompts, after which credential theft, lateral movement or ransomware on that machine can follow. The web server and its database are not directly affected.

🟠

Likely Case

Data exfiltration or phishing rather than code execution: a HYPERLINK() formula that carries neighbouring cell contents to an attacker URL when clicked, or a Google Sheets function such as IMPORTXML() that fetches remote content on open, works regardless of DDE settings and raises fewer warnings. The file is trusted because it comes from the organisation's own admin panel.

🟢

If Mitigated

A broken or error-valued cell. This requires the export path to escape formula triggers or, failing that, spreadsheet applications with DDE and external links disabled and staff who treat exported CSV files as untrusted input.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation needs an account that can save label values plus a victim who opens the resulting export in a spreadsheet; no unauthenticated path is known. Formula payloads are documented in the OWASP CSV Injection guidance and take seconds to craft.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: none located; vendor product page: https://www.phpjabbers.com/car-rental-script/

Restart Required: No

Instructions:

No official patch available. Contact vendor for updated version or apply workarounds.

🔧 Temporary Workarounds

Disable CSV Export Feature

Platform: all

Remove or restrict access to the Language > Labels > Export functionality in the admin panel until the export path escapes cell values.

Implement CSV Sanitization

Platform: all

Escape on the export path rather than rejecting input: labels such as "- Select -" or "+44 ..." are legitimate, and stripping their first character silently corrupts data. For every cell whose value (after leading spaces) begins with =, +, -, @, tab (0x09) or carriage return (0x0D), prepend a single quote so the spreadsheet stores it as text, wrap the cell in double quotes, and double any embedded double quotes so a payload cannot break out of its cell. The same escaping is worth applying to every CSV the script produces, not only labels.

🧯 If You Can't Patch

  • Restrict admin panel access to trusted users via IP allow-listing or VPN, and keep label-edit rights on as few accounts as possible, since the attacker must be able to save a label.
  • A WAF rule on the label-save request (not the export request, which carries no payload) can flag form values that begin with =, +, -, @, tab or carriage return. Alert rather than block: "-" and "+" begin legitimate values.
  • On the workstations that open exports, keep Excel's DDE and external application launch disabled (Trust Center settings) and open unfamiliar exports in a text editor first.

🔍 How to Verify

Check if Vulnerable:

Set a label value to a harmless formula such as =1+1, run Language > Labels > Export and open the CSV in a text editor. If the cell still begins with = (whether or not the field is wrapped in double quotes), the export is vulnerable; opening it in a spreadsheet will show 2 in that cell. The public DDE payload =cmd|' /C calc'!A0 demonstrates command execution, but only in a spreadsheet that still allows DDE and only after the user accepts its prompts, so avoid running it on a production workstation; the raw-file check is sufficient.

Check Version:

Check the script version in the admin panel or the readme files shipped with the package; v3.0 is affected and no fixed version is known at the time of writing.

Verify Fix Applied:

Re-run the export with a test label that begins with =, +, -, @, tab or carriage return and confirm each such cell comes back prefixed with a single quote (or tab), wrapped in double quotes, with any embedded double quotes doubled. Open the file in a spreadsheet afterwards: the cell should display the literal text, not a computed result or an error.
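The escaping workaround above and this verification check, carried through in Python as an added example. This is not PHPJabbers code (the script itself is PHP); the label keys, values and two-column layout are constructed for illustration, and the same escaping rule transfers to the PHP export path one line at a time.

```python
import csv
import io

# Characters that Excel, LibreOffice Calc and Google Sheets may treat as the
# start of a formula when they begin a cell (OWASP CSV Injection guidance).
# Tab and carriage return are included because some spreadsheets accept
# them in front of "=".
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_cell(value: str) -> bool:
    """True if a spreadsheet could interpret this cell as a formula.
    Leading spaces are skipped because some importers trim them."""
    return value.lstrip(" ").startswith(FORMULA_TRIGGERS)


def neutralize_cell(value: str) -> str:
    """Escape a cell for CSV export without deleting any of its content.

    A leading apostrophe makes spreadsheet applications store the value as
    text. Legitimate values such as "-10%" or "+44 20 ..." survive intact;
    stripping the first character would silently corrupt them.
    """
    return "'" + value if is_formula_cell(value) else value


def export_labels_unsafe(rows: list[dict[str, str]]) -> str:
    """Export as the vulnerable behaviour is described: values written as-is."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["key", "value"])
    for row in rows:
        writer.writerow([row["key"], row["value"]])
    return buf.getvalue()


def export_labels(rows: list[dict[str, str]]) -> str:
    """Hardened export: every cell is neutralized before it reaches the CSV
    writer. QUOTE_ALL wraps each cell in double quotes and the csv module
    doubles embedded quotes, so a payload cannot break out of its cell."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(["key", "value"])
    for row in rows:
        writer.writerow([neutralize_cell(row["key"]), neutralize_cell(row["value"])])
    return buf.getvalue()


def audit_export(csv_text: str) -> list[tuple[int, int, str]]:
    """Verification check: parse an export the way a spreadsheet would and
    return (row, column, value) for every cell that still starts with a
    formula trigger. An empty list means the escaping is in place."""
    findings = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if is_formula_cell(cell):
                findings.append((r, c, cell))
    return findings


# Constructed sample labels, including the DDE payload quoted in the
# verification section and two legitimate values that share its triggers.
SAMPLE_LABELS = [
    {"key": "btn_book", "value": "Book now"},
    {"key": "lbl_discount", "value": "-10% for members"},       # legitimate leading "-"
    {"key": "lbl_phone", "value": "+44 20 7946 0000"},          # legitimate leading "+"
    {"key": "lbl_welcome", "value": "=cmd|' /C calc'!A0"},      # DDE payload
    {"key": "lbl_footer", "value": "@SUM(1+1)*cmd|' /C calc'!A0"},
    {"key": "lbl_note", "value": "\t=1+1"},                     # tab-prefixed trigger
]

if __name__ == "__main__":
    print("unsafe export flags:", audit_export(export_labels_unsafe(SAMPLE_LABELS)))
    print("hardened export flags:", audit_export(export_labels(SAMPLE_LABELS)))
    print(export_labels(SAMPLE_LABELS))
```

Run against the sample, the unhardened export yields five flagged cells (the two legitimate values included, which is why the fix escapes instead of stripping) and the hardened export yields none. Pointing audit_export at a file downloaded from a real install is the "Verify Fix Applied" check in executable form.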

📡 Detection & Monitoring

Log Indicators:

  • Label-save requests whose field values begin with a formula trigger (percent-encoded: %3D, %2B, -, %40, %09, %0D). The export request itself carries no payload, because the formula is already stored with the label.
  • A label edit followed shortly by an export, especially from different accounts.
  • Multiple export requests from a single user in a short time.

Network Indicators:

  • HTTP POST to the label-edit endpoint with a form value starting with %3D, %2B, %40, %09 or %0D. This needs request-body logging at the reverse proxy or WAF; standard access logs record only the URL.

SIEM Query:

A rule of the form request_body LIKE "%=%" matches every URL-encoded form body, since each field is written name=value. Anchor on the start of a field value in the label-save request instead. The label-save path is not named on this page and has to be filled in for your install; the regex operator syntax depends on the SIEM.

source="web_logs" AND http_method="POST" AND uri_path="<label-save endpoint>" AND request_body MATCHES "(^|&)[^&=]+=(%3D|%2B|-|%40|%09|%0D)"

Triage rather than auto-block the "-" and "%2B" alternatives: values such as "- Select -" or "+44 ..." are legitimate. Export requests (the /admin/export path) carry no label content and are not a useful match target.
