Resource Exhaustion Vulnerability in Availability Booking Calendar by PHP Jabbers
CVE-2023-48831
7.5HIGH
Summary
A vulnerability exists in Availability Booking Calendar 5.0 that lacks adequate rate limiting in the pjActionAJaxSend function. This deficiency allows malicious attackers to send numerous requests without restriction, potentially leading to resource exhaustion on the affected server. Organizations using this product may face service disruptions as their resources become overwhelmed by excess requests, making it critical for users to implement protective measures.
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved