Product:

Cinema_booking_system

(Phpjabbers)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 4
Date Id Summary Products Score Patch Annotated
2025-02-06 CVE-2024-57427 PHPJabbers Cinema Booking System v2.0 is vulnerable to reflected cross-site scripting (XSS). Multiple endpoints improperly handle user input, allowing malicious scripts to execute in a victim’s browser. Attackers can craft malicious links to steal session cookies or conduct phishing attacks. Cinema_booking_system N/A
2025-02-06 CVE-2024-57428 A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields (event_img, seat_maps) and seat number configurations (number[new_X] in pjActionCreate). Attackers can inject persistent JavaScript, leading to phishing, malware injection, and session hijacking. Cinema_booking_system N/A
2025-02-06 CVE-2024-57429 A cross-site request forgery (CSRF) vulnerability in the pjActionUpdate function of PHPJabbers Cinema Booking System v2.0 allows remote attackers to escalate privileges by tricking an authenticated admin into submitting an unauthorized request. Cinema_booking_system N/A
2025-02-06 CVE-2024-57430 An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privilege escalation, or database manipulation. Cinema_booking_system N/A