PHPJabbers Cinema Booking System Rate Limiting Vulnerability in Forgot Password Feature

Vulnerability

A denial-of-service vulnerability has been identified in PHPJabbers Cinema Booking System version 1.0, stemming from a lack of rate limiting in the 'Forgot Password' feature. This oversight allows attackers to inundate a legitimate user's email with excessive password reset requests, potentially leading to email account disruption.

Impact

Exploitation of this vulnerability can cause a denial-of-service condition by generating a large volume of email messages, which could overwhelm the user's email account.

Reproduction

To reproduce this vulnerability, access the 'Forgot Password' feature on the PHPJabbers Cinema Booking System demo site. Use an email address that is already registered. After capturing the request with a tool like Burp Suite, send it to the Intruder tab, configure the attack, and start it. The result will be a flood of password reset emails sent to the registered email account.
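The missing control described above is a per-target and per-client limit on reset requests. The following is an added illustration, not PHPJabbers code: a sliding-window limiter keyed on both the normalised email address and the client IP, behind a simulated 'Forgot Password' handler that always returns the same message. The limits, window length, registered address and IP addresses are assumed values.

```python
# Added example (not PHPJabbers code): rate-limiting a 'Forgot Password' endpoint.
# Keyed on both the normalised target email and the client IP, so one mailbox cannot
# be flooded from many IPs and one IP cannot flood many mailboxes. The response text
# is identical whether or not a mail goes out, so the limit leaks no account existence.
from collections import defaultdict, deque

EMAIL_LIMIT = 3        # reset mails per address per window (assumed policy)
IP_LIMIT = 10          # reset requests per client IP per window (assumed policy)
WINDOW_SECONDS = 900   # 15-minute sliding window (assumed)
MESSAGE = "If that address is registered, a reset link has been sent."
REGISTERED = {"user@example.com"}   # constructed stand-in for the user table


class ResetRateLimiter:
    def __init__(self):
        self._hits = defaultdict(deque)   # key -> timestamps of recent requests

    def _prune(self, key, now):
        q = self._hits[key]
        while q and now - q[0] >= WINDOW_SECONDS:   # drop entries outside the window
            q.popleft()
        return q

    def allow(self, email, ip, now):
        by_email = self._prune(("email", email), now)
        by_ip = self._prune(("ip", ip), now)
        # Check both dimensions first; only record the hit if the request is allowed.
        if len(by_email) >= EMAIL_LIMIT or len(by_ip) >= IP_LIMIT:
            return False
        by_email.append(now)
        by_ip.append(now)
        return True


def handle_forgot_password(limiter, email, ip, now, outbox):
    """Simulated endpoint: sends a mail only when allowed AND registered; always same reply."""
    email = email.strip().lower()
    if limiter.allow(email, ip, now) and email in REGISTERED:
        outbox.append(email)          # stands in for actually sending the reset mail
    return MESSAGE


def simulate_flood(n_requests, email="User@Example.com", rotate_ips=False):
    """Replays n requests 0.1 s apart (the captured-request replay scenario) and
    returns how many reset mails actually reached the outbox."""
    limiter, outbox = ResetRateLimiter(), []
    for i in range(n_requests):
        ip = f"198.51.100.{i % 50}" if rotate_ips else "203.0.113.5"   # constructed IPs
        handle_forgot_password(limiter, email, ip, now=i * 0.1, outbox=outbox)
    return len(outbox)
```

With the limiter in place a replay of 100 requests yields three mails, whether from one IP or fifty, and an unregistered address yields none with the same response text.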

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 2.2
impact: 2.5
exploitability: 9.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.