CVE-2023-51314
Published: 20 February 2025
Description
A lack of rate limiting in the 'Forgot Password' and 'Email Settings' features of PHPJabbers Restaurant Booking System v3.0 allows attackers to send an excessive amount of email to a legitimate user, leading to a possible Denial of Service (DoS) via a large volume of generated e-mail messages.
Security Summary
CVE-2023-51314 affects the PHPJabbers Restaurant Booking System version 3.0, where a lack of rate limiting in the 'Forgot Password' and 'Email Settings' features enables attackers to trigger an excessive volume of emails for legitimate users. This flaw leads to a Denial of Service (DoS) condition through the generation of a large number of email messages, consuming server resources. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is linked to CWE-400 (Uncontrolled Resource Consumption).
Unauthenticated attackers with network access can exploit this issue remotely and with low complexity, requiring no user interaction. By repeatedly abusing the affected features, they can inundate the target system or its email infrastructure with messages tied to valid user accounts, resulting in high-impact availability disruption without affecting confidentiality or integrity.
Details on the vulnerability, including proof-of-concept information, are documented in advisories hosted on packetstormsecurity.com (e.g., http://packetstormsecurity.com/files/176496/PHPJabbers-Restaurant-Booking-System-3.0-Missing-Rate-Limiting.html). No patches or specific mitigations are detailed in the available references; affected users should monitor the vendor's site (https://www.phpjabbers.com/restaurant-booking-system/#sectionDemo) for updates and consider implementing custom rate limiting on email-sending endpoints, keyed per target account as well as per source address.
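The mitigation suggested above, rate limiting on email-sending endpoints, is illustrated by the following added example. It is not PHPJabbers code and does not reflect how the product implements 'Forgot Password'; every name in it (SlidingWindowLimiter, PasswordResetService, FakeClock, the limits and window) is an assumption, and the outbox and clock are constructed stand-ins for a real mailer and wall clock. The point it demonstrates is that a limiter keyed only on client IP does not stop this class of DoS, because the target is a single account and the attacker can rotate sources; the per-account key is what caps the number of messages a victim can receive, while the uniform reply keeps the limiter from becoming an account-enumeration oracle.

```python
"""Added example (not PHPJabbers code): per-account and per-IP rate limiting
for an email-sending endpoint such as 'Forgot Password'. All names here are
assumptions; the mailer and clock are constructed stand-ins for a real system."""
import time
from collections import deque

# Identical reply whether mail was sent, throttled, or the account does not exist.
GENERIC_REPLY = "If an account exists for that address, a reset email has been sent."


class SlidingWindowLimiter:
    """Allows at most `limit` events per `key` within any `window_seconds` span."""

    def __init__(self, limit, window_seconds, clock=time.monotonic):
        self.limit = limit
        self.window = window_seconds
        self.clock = clock
        self._events = {}  # key -> deque of event timestamps, oldest first

    def allow(self, key):
        now = self.clock()
        q = self._events.setdefault(key, deque())
        # Drop timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


class FakeClock:
    """Constructed clock so the example can advance time deterministically."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


class PasswordResetService:
    """Hypothetical reset handler: throttles per source IP and per target account."""

    def __init__(self, clock=time.monotonic, account_limit=3, ip_limit=10, window=3600):
        self.per_account = SlidingWindowLimiter(account_limit, window, clock)
        self.per_ip = SlidingWindowLimiter(ip_limit, window, clock)
        self.sent = []   # constructed outbox standing in for the real mailer
        self.audit = []  # structured events a SOC could alert on

    def request_reset(self, email, client_ip):
        account = email.strip().lower()  # one key per mailbox regardless of casing
        if not self.per_ip.allow(client_ip):
            self.audit.append({"event": "reset_rate_limited", "scope": "ip",
                               "ip": client_ip})
        elif not self.per_account.allow(account):
            # This branch is what stops the email flood: the victim's mailbox
            # gets at most `account_limit` messages per window no matter how
            # many source addresses the requests arrive from.
            self.audit.append({"event": "reset_rate_limited", "scope": "account",
                               "account": account, "ip": client_ip})
        else:
            self.sent.append({"to": account, "ip": client_ip})
        # Same reply in every branch so the limiter leaks nothing about the account.
        return GENERIC_REPLY


if __name__ == "__main__":
    clock = FakeClock()
    svc = PasswordResetService(clock=clock)
    for i in range(6):  # constructed burst from rotating sources against one account
        svc.request_reset("victim@example.com", f"198.51.100.{i}")
    print(f"emails actually sent: {len(svc.sent)}, throttled: {len(svc.audit)}")
```

The audit entries are the detection hook: a spike of `reset_rate_limited` events with `scope == "account"` across many source IPs is the signature of exactly the abuse this advisory describes, and is worth an alert even though the limiter has already contained it. The limits and window are illustrative; production values should come from observed legitimate usage of the endpoint.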
Details
- CWE(s): CWE-400 (Uncontrolled Resource Consumption)