PHPJabbers Car Park Booking System Rate Limiting Vulnerability

Vulnerability

A missing rate-limiting vulnerability has been identified in PHPJabbers Car Park Booking System version 3.0. This vulnerability allows attackers to send a large number of email requests on behalf of a legitimate user through the 'Forgot Password' and 'Email Settings' features. The excessive email generation could lead to a Denial of Service (DoS) condition.

Impact

Exploitation of this vulnerability could cause a Denial of Service (DoS) by overwhelming the email system with a high volume of messages.

Reproduction

To reproduce this vulnerability, log into the dashboard and navigate to the 'Email Settings' section. Enter any email address and name in the respective fields, then check the email inbox for the received messages. Alternatively, the vulnerability can be reproduced by sending excessive password reset requests through the 'Forgot Password' feature on the login panel, using an email address registered on the site.
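The usual fix for the condition described above is to throttle every email-sending endpoint per target address and per client. The following is an added example, not PHPJabbers code: a fixed-window limiter with a hypothetical reset handler, assuming PHP 8 and an injected mailer callable; the in-memory store and the sample address and IP are constructed for the demo.

```php
<?php
// Added example, not PHPJabbers code: a fixed-window limiter for the email-
// sending endpoints ('Forgot Password', 'Email Settings' test mail). The
// in-memory array is for illustration; production needs a shared store.
final class EmailRateLimiter
{
    private array $buckets = [];   // key => ['count' => n, 'start' => unix time]
    // Defaults: at most 3 mails per key in any 15-minute window.
    public function __construct(private int $maxPerWindow = 3, private int $windowSeconds = 900) {}
    /** True if the action may proceed for this scope/key, false if throttled. */
    public function allow(string $scope, string $key, ?int $now = null): bool
    {
        $now ??= time();
        $id = $scope . ':' . strtolower(trim($key));
        $b = $this->buckets[$id] ?? ['count' => 0, 'start' => $now];
        if ($now - $b['start'] >= $this->windowSeconds) {
            $b = ['count' => 0, 'start' => $now];   // window expired, reset
        }
        if ($b['count'] >= $this->maxPerWindow) {
            $this->buckets[$id] = $b;
            return false;
        }
        $b['count']++;
        $this->buckets[$id] = $b;
        return true;
    }
}
// Hypothetical reset handler: throttles on the target address AND the client
// IP, so one address cannot be flooded and one client cannot spray many.
// $sendMail is the application's real mailer, injected as a callable.
function handleForgotPassword(EmailRateLimiter $limiter, callable $sendMail,
                              string $email, string $clientIp): bool
{
    if (!$limiter->allow('email', $email) || !$limiter->allow('ip', $clientIp)) {
        error_log("throttled forgot-password request for $email from $clientIp");
        return false;   // caller still shows the same generic "check your inbox" page
    }
    $sendMail($email);
    return true;
}
// Demo with a stand-in mailer: requests 1-3 send, the 4th for the same address is dropped.
$limiter = new EmailRateLimiter();
$mailer  = fn(string $to) => print("reset mail queued for $to\n");
for ($i = 1; $i <= 4; $i++) {
    var_dump(handleForgotPassword($limiter, $mailer, 'user@example.com', '203.0.113.5'));
}
```

The same limiter applies to the authenticated 'Email Settings' test-mail action, keyed by user id instead of address; the error_log line gives operations a signal to alert on when throttling fires repeatedly.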

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.