CVE-2023-51316
Published: 20 February 2025
Description
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Bus Reservation System v1.1 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
Security Summary
CVE-2023-51316 is a vulnerability stemming from a lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Bus Reservation System version 1.1. This flaw enables attackers to trigger an excessive volume of email generation targeted at a legitimate user account, resulting in a denial-of-service (DoS) condition. The issue is classified under CWE-400 (Uncontrolled Resource Consumption) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its impact on availability.
Unauthenticated attackers (PR:N) can exploit this vulnerability remotely over the network (AV:N) with low complexity and no user interaction required. By repeatedly submitting forgot password requests for a valid user, an attacker can overwhelm the system's email generation process, flooding the mail server or service with a large number of messages and causing resource exhaustion that disrupts service availability for the targeted user or the application as a whole.
Advisories detailing the vulnerability are available from Packet Storm Security, including exploit details at http://packetstormsecurity.com/files/176497/PHPJabbers-Bus-Reservation-System-1.1-Missing-Rate-Limiting.html and https://packetstorm.news/files/id/176497. The official product page at https://www.phpjabbers.com/bus-reservation-system/#sectionDemo provides demo access, but no specific patch or mitigation guidance is referenced in the available disclosures. Security practitioners should implement rate limiting on forgot-password endpoints and monitor email generation logs in affected deployments.
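The two mitigations the summary recommends, throttling the forgot-password endpoint and watching the mail log for reset floods, are illustrated below in an added example. This is hypothetical code written for this page, not PHPJabbers' own implementation, and it is in Python rather than the product's PHP so that it can be run and checked stand-alone. The limiter keys on both the requested account and the client IP and counts every attempt, served or not, so a flood cannot keep its own window fresh; the response text is constant so the throttle does not reveal whether an account exists. The mail-log format (`<timestamp> reset-mail to=<addr> ...`) and the sample lines are constructed for the demonstration and are not from any real mail server.

```python
"""Added example: mitigation and detection for an unthrottled 'Forgot Password' flow.
Hypothetical code, not from PHPJabbers Bus Reservation System."""
import re
import time
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Same message whether the account exists, was throttled, or a mail was sent.
GENERIC_RESPONSE = "If an account exists for that address, a reset e-mail has been sent."


class ResetRateLimiter:
    """Sliding-window limiter keyed on account identifier and on client IP.
    An attempt is counted whether or not it is served, so denied requests
    do not let a flood 'outwait' the window from the inside."""

    def __init__(self, per_account=3, per_ip=10, window_seconds=3600, clock=time.monotonic):
        self.per_account = per_account
        self.per_ip = per_ip
        self.window = window_seconds
        self.clock = clock  # injectable for deterministic tests
        self._by_account = defaultdict(deque)
        self._by_ip = defaultdict(deque)

    def _count(self, bucket, key, now):
        q = bucket[key]
        q.append(now)
        while q and now - q[0] >= self.window:  # drop timestamps outside the window
            q.popleft()
        return len(q)

    def allow(self, account, client_ip):
        now = self.clock()
        acct_hits = self._count(self._by_account, account.strip().lower(), now)
        ip_hits = self._count(self._by_ip, client_ip, now)
        return acct_hits <= self.per_account and ip_hits <= self.per_ip


def handle_forgot_password(limiter, outbox, account, client_ip):
    """Endpoint handler: only the side effect (a queued mail) depends on the limiter."""
    if limiter.allow(account, client_ip):
        outbox.append(account)  # stands in for the real mail send
    return GENERIC_RESPONSE


def simulate_flood(attempts=6, per_account=3, window_seconds=3600):
    """Drive the limiter with a fake clock: `attempts` requests one second apart for a
    single account, then one more request after the window has elapsed."""
    now = [0.0]
    limiter = ResetRateLimiter(per_account=per_account, per_ip=100,
                               window_seconds=window_seconds, clock=lambda: now[0])
    outbox, responses = [], []
    for i in range(attempts):
        now[0] = float(i)
        responses.append(handle_forgot_password(limiter, outbox, "Victim@Example.com", "203.0.113.5"))
    sent_during_flood = len(outbox)
    now[0] += window_seconds  # window expires; the legitimate user can request again
    handle_forgot_password(limiter, outbox, "victim@example.com", "203.0.113.5")
    return {
        "sent_during_flood": sent_during_flood,
        "responses_identical": len(set(responses)) == 1,
        "sent_after_window": len(outbox) - sent_during_flood,
    }


# Constructed mail-log format (hypothetical): "<ISO timestamp> reset-mail to=<addr> status=..."
MAIL_LINE = re.compile(r"^(?P<ts>\S+) reset-mail to=<(?P<to>[^>]+)>")

# Constructed sample: eight reset mails to one recipient in eight minutes, one to another.
SAMPLE_LOG = [
    f"2025-02-20T10:{m:02d}:00 reset-mail to=<victim@example.com> status=sent" for m in range(8)
] + [
    "2025-02-20T10:03:00 reset-mail to=<other@example.com> status=sent",
    "2025-02-20T10:04:00 login from=203.0.113.5 user=other",  # unrelated line, ignored
]


def flood_recipients(log_lines, threshold=5, window=timedelta(minutes=10)):
    """Return {recipient: peak count} for recipients that received more than
    `threshold` reset mails inside any sliding `window`."""
    per_rcpt = defaultdict(list)
    for line in log_lines:
        m = MAIL_LINE.match(line)
        if m:
            per_rcpt[m["to"].lower()].append(datetime.fromisoformat(m["ts"]))
    flagged = {}
    for rcpt, times in per_rcpt.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[rcpt] = peak
    return flagged


if __name__ == "__main__":
    print(simulate_flood())                  # 3 sent during flood, identical responses, 1 after window
    print(flood_recipients(SAMPLE_LOG))      # {'victim@example.com': 8}
```

The per-account limit is the control that addresses this CVE directly, since the victim is the mailbox owner rather than the requester; the per-IP limit is a second layer for the case where one source targets many accounts. The detector is the log-side counterpart for deployments that cannot patch the application itself: run it over the mail log at the same cadence as the window and alert on any recipient it flags.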
Details
- CWE(s)