Cinema Booking System
Approved changes feed: RSS · Atom
cpe:2.3:a:phpjabbers:cinema_booking_system:2.0:*:*:*:*:*:*:*
part: a version: 2.0 update: *
| Vendor | Phpjabbers (2f919538-31c8-5cbb-b18c-c6079deaeb0d) |
|---|---|
| Product | Cinema Booking System (9d2262ec-5bef-590a-bc82-64c572300bed) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-57430 |
vulnerable | 2026-06-03 14:57:50.593551 |
Details available
An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privilege escalation, or database manipulation.
Published: 2025-02-06T00:00:00.000Z
Updated: 2025-02-06T21:23:45.597Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-57429 |
vulnerable | 2026-06-03 14:57:50.593174 |
Details available
A cross-site request forgery (CSRF) vulnerability in the pjActionUpdate function of PHPJabbers Cinema Booking System v2.0 allows remote attackers to escalate privileges by tricking an authenticated admin into submitting an unauthorized request.
Published: 2025-02-06T00:00:00.000Z
Updated: 2025-02-06T21:23:56.306Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-57428 |
vulnerable | 2026-06-03 14:57:50.592801 |
Details available
A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields (event_img, seat_maps) and seat number configurations (number[new_X] in pjActionCreate). Attackers can inject persistent JavaScript, leading to phishing, malware injection, and session hijacking.
Published: 2025-02-06T00:00:00.000Z
Updated: 2025-02-06T21:24:32.654Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-57427 |
vulnerable | 2026-06-03 14:57:50.592296 |
Details available
PHPJabbers Cinema Booking System v2.0 is vulnerable to reflected cross-site scripting (XSS). Multiple endpoints improperly handle user input, allowing malicious scripts to execute in a victim’s browser. Attackers can craft malicious links to steal session cookies or conduct phishing attacks.
Published: 2025-02-06T00:00:00.000Z
Updated: 2025-02-06T16:39:09.317Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.