Resource Exhaustion Vulnerability in Availability Booking Calendar by PHP Jabbers
CVE-2023-48831

7.5HIGH

Key Information:

Vendor: PHPjabbers
Status: Availability Booking Calendar
Vendor: CVE Published:; 7 December 2023

What is CVE-2023-48831?

A vulnerability exists in Availability Booking Calendar 5.0 that lacks adequate rate limiting in the pjActionAJaxSend function. This deficiency allows malicious attackers to send numerous requests without restriction, potentially leading to resource exhaustion on the affected server. Organizations using this product may face service disruptions as their resources become overwhelmed by excess requests, making it critical for users to implement protective measures.

References

https://www.phpjabbers.com/availability-booking-calendar/...

http://packetstormsecurity.com/files/176039

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 7, 2023
Vulnerability Reserved
Nov 20, 2023

PHPjabbers

What is CVE-2023-48831?

References

CVSS V3.1

Timeline