Denial of Service Vulnerability in PHPJabbers Event Booking Calendar
CVE-2023-51293

7.5HIGH

Key Information:

Vendor: PHPJabbers
Status: Event Booking Calendar
Vendor: CVE Published:; 19 February 2025

Summary

The PHPJabbers Event Booking Calendar version 4.0 contains a vulnerability due to a lack of rate limiting in its 'Forgot Password' and 'Email Settings' features. This vulnerability enables attackers to exploit the system by sending an excessive number of emails on behalf of legitimate users, potentially leading to a Denial of Service (DoS) situation. Such activity can overwhelm the server, disrupt the service, and hinder user access, emphasizing the need for effective rate limiting mechanisms to safeguard against abuse.

References

https://www.phpjabbers.com/event-booking-calendar/#sectio...

http://packetstormsecurity.com/files/176495/PHPJabbers-Ev...

https://packetstorm.news/files/id/176495

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 19, 2025
Vulnerability Reserved
Dec 18, 2023