Insufficient Rate Limiting in PHPJabbers Bus Reservation System
CVE-2023-51316

7.5HIGH

Key Information:

Vendor: PHPJabbers
Status: Bus Reservation System
Vendor: CVE Published:; 20 February 2025

What is CVE-2023-51316?

The PHPJabbers Bus Reservation System v1.1 lacks adequate rate limiting in its 'Forgot Password' feature, which allows malicious actors to exploit this flaw by sending numerous password reset emails on behalf of a legitimate user. This vulnerability can lead to a Denial of Service (DoS) condition as the system may become overwhelmed with email requests, potentially disrupting service availability to users. It's crucial for administrators to evaluate and mitigate such issues to enhance system security.

References

https://www.phpjabbers.com/bus-reservation-system/#sectio...

https://packetstorm.news/files/id/176497

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 20, 2025
Vulnerability Reserved
Dec 18, 2023