Denial of Service Vulnerability in PHPJabbers Hotel Booking System
CVE-2023-51301

7.5 HIGH

Key Information:

Vendor
PHPJabbers
CVE Published:
19 February 2025

Summary

PHPJabbers Hotel Booking System version 4.0 does not rate-limit its 'Login Section, Forgot Email' feature. An attacker can therefore generate a high volume of password reset requests for a legitimate user. The result is a potential Denial of Service (DoS) condition: the system may inundate its email server with excessive messages, disrupting the affected user and impacting overall service availability.
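
The missing control described in the summary, sketched as an added example (not PHPJabbers code and not the vendor's fix): a sliding-window limiter that caps reset mails per target account and per client address. The class name, the limits and the in-memory store are assumptions for illustration; it needs PHP 8.0 or later.

```php
<?php
declare(strict_types=1);
// Added example: sliding-window limiter for a password-reset endpoint.
// In-memory storage for illustration; use a shared store across workers.
final class ResetLimiter
{
    /** @var array<string, int[]> request timestamps per key */
    private array $hits = [];

    public function __construct(
        private int $perAccount = 3,   // assumed: max mails per account per window
        private int $perClient = 10,   // assumed: max requests per client IP per window
        private int $window = 3600     // window length in seconds
    ) {}

    /** Returns true when a reset mail may be sent for this request. */
    public function allow(string $email, string $clientIp, int $now): bool
    {
        $accountKey = 'acct:' . hash('sha256', strtolower(trim($email)));
        $clientKey  = 'ip:' . $clientIp;

        // Check both keys before recording, so a refused request does not
        // consume quota on the key that still had room.
        if ($this->recent($accountKey, $now) >= $this->perAccount
            || $this->recent($clientKey, $now) >= $this->perClient) {
            return false;
        }
        $this->hits[$accountKey][] = $now;
        $this->hits[$clientKey][]  = $now;
        return true;
    }

    /** Drops timestamps older than the window and returns how many remain. */
    private function recent(string $key, int $now): int
    {
        $cutoff = $now - $this->window;
        $this->hits[$key] = array_values(array_filter(
            $this->hits[$key] ?? [],
            static fn (int $t): bool => $t > $cutoff
        ));
        return count($this->hits[$key]);
    }
}

// Constructed sample: five reset requests for one address from rotating IPs.
$limiter = new ResetLimiter();
foreach ([0, 5, 10, 15, 3700] as $i => $t) {
    $sent = $limiter->allow('guest@example.com', "198.51.100.$i", $t);
    echo $t, 's: ', $sent ? 'mail queued' : 'suppressed', PHP_EOL;
}
```

Keying on the target account as well as the client address matters here because the flood is aimed at one user's mailbox and can arrive from many source addresses.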

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
