CVE-2023-51314
Published: 20 February 2025
Summary
CVE-2023-51314 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Phpjabbers Restaurant Booking System. Its CVSS base score is 7.5 (High).
Operationally, it ranks at the 46.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SC-5 (Denial-of-service Protection): Directly mitigates the CVE by implementing denial-of-service protections such as rate limiting on the Forgot Password and Email Settings endpoints to prevent excessive email generation.
- SC-6 (Resource Availability): Protects against uncontrolled resource consumption by placing limits on the resources used for email processing triggered by repeated requests.
- SC-7 (Boundary Protection): Enforces boundary protections, including rate limiting and traffic controls, to block floods of requests targeting the vulnerable public features.
NVD Description
A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Restaurant Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages.
Deeper analysis
CVE-2023-51314 affects the PHPJabbers Restaurant Booking System version 3.0, where a lack of rate limiting in the 'Forgot Password' and 'Email Settings' features enables attackers to trigger an excessive volume of emails for legitimate users. This flaw leads to a Denial of Service (DoS) condition through the generation of a large number of email messages, consuming server resources. The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is linked to CWE-400 (Uncontrolled Resource Consumption).
Unauthenticated attackers with network access can exploit this issue remotely and with low complexity, requiring no user interaction. By repeatedly abusing the affected features, they can inundate the target system or its email infrastructure with messages tied to valid user accounts, resulting in high-impact availability disruption without affecting confidentiality or integrity.
Details on the vulnerability, including proof-of-concept information, are documented in advisories hosted on PacketStormsecurity.com (e.g., http://packetstormsecurity.com/files/176496/PHPJabbers-Restaurant-Booking-System-3.0-Missing-Rate-Limiting.html). No patches or specific mitigations are detailed in the available references; affected users should monitor the vendor's site (https://www.phpjabbers.com/restaurant-booking-system/#sectionDemo) for updates and consider implementing custom rate limiting on email-related endpoints.
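The mitigating controls above and the closing recommendation to add custom rate limiting on email-related endpoints both describe the same defensive pattern: bound how many mail-generating requests a single source, and a single target account, can trigger per time window, and log what gets throttled so the SOC can see a flood. The following is an added example written for this page, not code from PHPJabbers or the Restaurant Booking System; it assumes PHP 8, a hypothetical `handleForgotPassword` handler, and an in-memory hit store that stands in for the shared store (Redis, APCu, a database table) a real multi-process deployment would use.

```php
<?php
// Added example (not PHPJabbers code): sliding-window rate limiter for a
// password-reset / email-settings endpoint. Requests are keyed on both the
// requesting client IP and the targeted account, so neither a single source
// nor a single victim mailbox can be used to generate unbounded mail.

declare(strict_types=1);

final class EmailActionRateLimiter
{
    /** @var array<string, int[]> request timestamps per key (in-memory for the demo; use Redis/APCu/DB in production) */
    private array $hits = [];

    public function __construct(
        private int $maxPerSource,   // e.g. 5 requests per window per client IP
        private int $maxPerAccount,  // e.g. 3 reset mails per window per account
        private int $windowSeconds   // e.g. 900 (15 minutes)
    ) {}

    /** Returns true if the request may proceed, false if it must be throttled. */
    public function allow(string $clientIp, string $accountEmail, int $now): bool
    {
        $account = strtolower(trim($accountEmail));
        $limits = [
            'ip:' . $clientIp                  => $this->maxPerSource,
            'acct:' . hash('sha256', $account) => $this->maxPerAccount,
        ];
        // Check every limit before recording the hit, so a denied request
        // does not consume budget and the two limits cannot starve each other.
        foreach ($limits as $key => $limit) {
            if ($this->countRecent($key, $now) >= $limit) {
                return false;
            }
        }
        foreach (array_keys($limits) as $key) {
            $this->hits[$key][] = $now;
        }
        return true;
    }

    /** Drops timestamps that fell out of the window and returns how many remain. */
    private function countRecent(string $key, int $now): int
    {
        $cutoff = $now - $this->windowSeconds;
        $this->hits[$key] = array_values(array_filter(
            $this->hits[$key] ?? [],
            fn(int $t): bool => $t > $cutoff
        ));
        return count($this->hits[$key]);
    }
}

/**
 * Hypothetical forgot-password handler (not the product's code). The response
 * is identical whether or not a mail was sent, so the endpoint neither reveals
 * account existence nor tells a flooder when throttling kicked in. Throttled
 * attempts are logged with a hashed account key so detection can alert on bursts
 * without writing victim addresses into the log.
 */
function handleForgotPassword(
    EmailActionRateLimiter $limiter,
    string $clientIp,
    string $email,
    int $now,
    callable $sendMail,
    callable $log
): string {
    if ($limiter->allow($clientIp, $email, $now)) {
        $sendMail($email);
    } else {
        $acctHash = substr(hash('sha256', strtolower(trim($email))), 0, 12);
        $log(sprintf('rate-limit forgot_password ip=%s acct_hash=%s ts=%d', $clientIp, $acctHash, $now));
    }
    return 'If that address is registered, a reset link has been sent.';
}

// Demo with constructed values: ten rapid requests from one IP against one
// victim address. The per-account cap stops mail after the third request.
$limiter = new EmailActionRateLimiter(maxPerSource: 5, maxPerAccount: 3, windowSeconds: 900);
$sent = 0;
$logged = [];
for ($i = 0; $i < 10; $i++) {
    handleForgotPassword(
        $limiter,
        '203.0.113.7',
        'victim@example.com',
        1_700_000_000 + $i,
        function (string $to) use (&$sent): void { $sent++; },
        function (string $line) use (&$logged): void { $logged[] = $line; }
    );
}
printf("mails sent: %d, throttled: %d\n", $sent, count($logged));
foreach ($logged as $line) {
    echo $line, PHP_EOL;
}
```

Two design points matter for this CVE specifically. First, the limit is enforced per target account as well as per source, because the NVD description is about mail flooding a legitimate user; a per-IP limit alone is defeated by spreading requests across sources. Second, the throttled path emits a structured log line that is easy to alert on, which turns the same mitigation into a detection for attempts to exploit the flaw.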
Details
- CWE(s)