VYPR
Vendor

Mrbs

Products
2
CVEs
9
Across products
11
Status
Private

Products

2

Recent CVEs

9
  • CVE-2024-48465CriOct 28, 2024
    risk 0.64cvss 9.8epss 0.00

    The MRBS version 1.5.0 has an SQL injection vulnerability in the edit_entry_handler.php file, specifically in the rooms%5B%5D parameter

  • CVE-2008-4620Oct 21, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php.

  • CVE-2008-3565Aug 10, 2008
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. …

  • CVE-2007-6538Dec 27, 2007
    risk 0.03cvss epss 0.04

    SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2023-51332Feb 20, 2025
    risk 0.00cvss epss 0.00

    A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Meeting Room Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.

  • CVE-2023-51338Feb 20, 2025
    risk 0.00cvss epss 0.00

    PHPJabbers Meeting Room Booking System v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "title, name" parameters of index.php page.

  • CVE-2023-51336Feb 20, 2025
    risk 0.00cvss epss 0.01

    PHPJabbers Meeting Room Booking System v1.0 is vulnerable to CSV Injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on Languages section Labels any parameters field in System Options that is used…

  • CVE-2013-7406Oct 21, 2014
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2009-3533Oct 2, 2009
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in report.php in Meeting Room Booking System (MRBS) before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the typematch parameter. NOTE: some of these details are obtained from third party information.