PHPJabbers Restaurant Booking System Rate Limiting Vulnerability in Email Settings Feature
Vulnerability
A denial-of-service vulnerability has been identified in PHPJabbers Restaurant Booking System version 3.0, stemming from a lack of rate limiting in the 'Forgot Password' and 'Email Settings' features. This absence of proper request management allows attackers to inundate a legitimate user's email with excessive messages, potentially leading to service disruption.
Impact
Exploitation of this vulnerability can cause a denial-of-service condition by generating a large volume of email messages, which could overwhelm the recipient's inbox or disrupt email service.
Reproduction
To reproduce this vulnerability, log in to the dashboard and navigate to the 'Email Settings' section under the 'System Options' menu. Once there, enter any email address and name in the respective fields and send the request. Because requests are not rate limited, an excessive number of emails can be sent to the specified address.
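One way to bound how many messages the 'Email Settings' and 'Forgot Password' actions can trigger, shown as an added example that is not PHPJabbers code. The class and function names, the limits, and the in-memory store are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Sliding-window limiter for actions that trigger outbound mail.
// Hypothetical names and limits; the in-memory array stands in for a shared
// store (database, Redis) that a real deployment needs across PHP requests.
final class MailRateLimiter
{
    private array $hits = []; // key => timestamps of accepted sends

    public function __construct(private int $maxSends, private int $windowSeconds) {}

    public function allow(string $key, int $now): bool
    {
        // Keep only the sends that are still inside the window.
        $recent = array_values(array_filter(
            $this->hits[$key] ?? [],
            fn (int $t): bool => $t > $now - $this->windowSeconds
        ));
        $allowed = count($recent) < $this->maxSends;
        if ($allowed) {
            $recent[] = $now;
        }
        $this->hits[$key] = $recent;
        return $allowed;
    }
}

// Gate a mail-sending request on both the requester and the recipient, so one
// account cannot flood an inbox and one inbox is capped across all accounts.
function maySendMail(MailRateLimiter $perRecipient, MailRateLimiter $perRequester,
                     string $recipient, string $requesterId, int $now): bool
{
    // Normalise the address so case or whitespace variants share one counter.
    $recipientKey = 'rcpt:' . hash('sha256', strtolower(trim($recipient)));
    if (!$perRequester->allow('req:' . $requesterId, $now)) {
        return false;
    }
    return $perRecipient->allow($recipientKey, $now);
}

// Constructed demo: six rapid requests for the same address from one account.
$perRecipient = new MailRateLimiter(3, 3600); // 3 mails per address per hour
$perRequester = new MailRateLimiter(5, 600);  // 5 mail actions per account per 10 min
$start = 1700000000;                          // constructed timestamp
for ($i = 0; $i < 6; $i++) {
    $ok = maySendMail($perRecipient, $perRequester, 'user@example.com', 'admin-1', $start + $i);
    echo 'request ', $i + 1, ': ', $ok ? 'sent' : 'blocked', PHP_EOL;
}
```

The check belongs in the server-side handler before the mailer is invoked, and blocked requests should be logged so repeated attempts against one address are visible to operators.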
