CVE-2023-51293
Published: 19 February 2025
Description
A lack of rate limiting in the 'Forgot Password' and 'Email Settings' features of PHPJabbers Event Booking Calendar v4.0 allows attackers to trigger an excessive number of emails addressed to a legitimate user, leading to a possible Denial of Service (DoS) via the large volume of generated e-mail messages.
Security Summary
CVE-2023-51293 affects PHPJabbers Event Booking Calendar version 4.0, where a lack of rate limiting in the 'Forgot Password' and 'Email Settings' features enables attackers to generate an excessive volume of emails for a legitimate user. This uncontrolled resource consumption, classified under CWE-400, can lead to a Denial of Service (DoS) condition through the sheer number of emails produced. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its network-accessible nature and high availability impact.
Unauthenticated attackers (PR:N) can exploit this remotely (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N) by repeatedly triggering the affected features. Successful exploitation overwhelms the target's email generation and delivery systems, causing resource exhaustion and disrupting service availability without impacting confidentiality or integrity.
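The missing control is easiest to see beside its fix. The following is an added illustration, not PHPJabbers code and not taken from the advisory: a bare mail-sending handler with the behaviour described above (every request sends a mail, with no limit), next to a throttled handler that caps reset mails per target account and per client IP with a sliding window. Handler and class names, the limits (3 per account and 10 per IP per hour) and the sample addresses are assumptions chosen for the example.

```python
"""Rate limiting a 'forgot password' style mail sender.

Added example, not code from the PHPJabbers product. The limits, names and
sample data below are assumptions made for illustration.
"""
from collections import defaultdict, deque
from typing import Deque, Dict, List, Optional, Tuple

# Constructed stand-in for the mail subsystem: a list of (recipient, subject).
Outbox = List[Tuple[str, str]]

RESPONSE = "If the address exists, a reset link has been sent."


def forgot_password_unthrottled(email: str, outbox: Outbox) -> str:
    """The pattern the advisory describes: one request, one mail, no cap."""
    outbox.append((email, "Password reset link"))
    return RESPONSE


class SlidingWindowLimiter:
    """Allow at most `limit` events per key within any `window` seconds."""

    def __init__(self, limit: int, window: float) -> None:
        self.limit = limit
        self.window = window
        self._events: Dict[str, Deque[float]] = defaultdict(deque)

    def allow(self, key: str, now: float) -> bool:
        q = self._events[key]
        # Discard timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


class ForgotPasswordHandler:
    """Throttled variant: per-account and per-IP caps, identical response either way."""

    def __init__(self, outbox: Outbox,
                 per_account: Optional[SlidingWindowLimiter] = None,
                 per_ip: Optional[SlidingWindowLimiter] = None) -> None:
        self.outbox = outbox
        # Assumed policy: 3 reset mails per account per hour, 10 per client IP per hour.
        self.per_account = per_account or SlidingWindowLimiter(3, 3600)
        self.per_ip = per_ip or SlidingWindowLimiter(10, 3600)

    def handle(self, email: str, client_ip: str, now: float) -> str:
        # Normalise so that case variants of one address share a bucket.
        key_email = email.strip().lower()
        # Both limiters count the attempt; the mail goes out only if both agree.
        ip_ok = self.per_ip.allow(client_ip, now)
        acct_ok = self.per_account.allow(key_email, now)
        if ip_ok and acct_ok:
            self.outbox.append((key_email, "Password reset link"))
        # Same message whether or not a mail was sent: no oracle for account
        # existence and no signal about the throttle state.
        return RESPONSE


if __name__ == "__main__":
    unthrottled: Outbox = []
    for _ in range(50):
        forgot_password_unthrottled("victim@example.com", unthrottled)
    print("unthrottled mails sent:", len(unthrottled))   # 50

    throttled: Outbox = []
    handler = ForgotPasswordHandler(throttled)
    for i in range(50):
        handler.handle("Victim@Example.com", "198.51.100.7", now=1000.0 + i)
    print("throttled mails sent:", len(throttled))       # 3
```

The per-account cap is what protects the legitimate user's mailbox; the per-IP cap is what limits a single client's ability to flood many accounts. Keying by a normalised address matters because otherwise case variants of one mailbox each get their own quota. In a real deployment the limiter state would live in shared storage (a database table or cache) rather than process memory, so that it survives restarts and applies across workers.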
Advisories on PacketStorm (http://packetstormsecurity.com/files/176495/PHPJabbers-Event-Booking-Calendar-4.0-Missing-Rate-Limiting.html and https://packetstorm.news/files/id/176495) disclose the missing rate limiting, while the vendor's product page (https://www.phpjabbers.com/event-booking-calendar/#sectionDemo) provides demo access but no patch details in the available references.
Details
- CWE(s)