CVE-2023-51309

4.3 MEDIUM

📋 TL;DR

This vulnerability in PHPJabbers Car Park Booking System allows attackers to send excessive emails through the Email Settings feature due to missing rate limiting. This can cause denial of service by overwhelming email servers with spam. Organizations using the vulnerable version are affected.

💻 Affected Systems

Products:
  • PHPJabbers Car Park Booking System
Versions: v3.0
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the Email Settings feature to be accessible and functional.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Email servers become overwhelmed and unresponsive, disrupting legitimate email communications and potentially causing business operations impact.

🟠 Likely Case

Email server performance degradation, increased spam filtering load, and potential temporary email service disruption.

🟢 If Mitigated

Minimal impact with proper rate limiting and email server protections in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the Email Settings feature, which typically requires authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not found in provided references

Restart Required: No

Instructions:

Check vendor website for updates. If patch available, download and apply according to vendor instructions.

🔧 Temporary Workarounds

Implement Rate Limiting (applies to: all)

Add rate limiting to the Email Settings feature to restrict the number of emails sent per time period.

Modify the PHP code to implement request throttling, or use web server rate limiting.

Restrict Access (applies to: all)

Limit access to the Email Settings feature to trusted users only.

Configure web server or application authentication to restrict access.
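The rate-limiting workaround above in working form, as an added example that is not PHPJabbers code: a per-account sliding-window limiter wrapped around the Email Settings send action. The `$state` array, the `sendTestEmail` name and the 5-per-60-seconds numbers are assumptions; in a real deployment the state must be persisted between requests (session, APCu, or a database row) rather than kept in memory.

```php
<?php
// Added example, not part of the PHPJabbers product.
// Sliding-window limiter: at most $limit sends per $windowSeconds per actor.
function allowEmailSend(array &$state, string $actor, int $limit, int $windowSeconds, ?int $now = null): bool
{
    $now = $now ?? time();
    $cutoff = $now - $windowSeconds;
    // Keep only the send timestamps that still fall inside the window.
    $recent = array_values(array_filter($state[$actor] ?? [], fn(int $t) => $t > $cutoff));
    if (count($recent) >= $limit) {
        $state[$actor] = $recent;          // persist the pruned list, refuse this send
        return false;
    }
    $recent[] = $now;
    $state[$actor] = $recent;
    return true;
}

// Hypothetical handler for the Email Settings "send" action. $state would be
// loaded from and written back to persistent storage around this call.
function sendTestEmail(array &$state, string $adminUser, string $to): int
{
    if (!allowEmailSend($state, $adminUser, 5, 60)) {
        error_log("email-settings: rate limit exceeded for {$adminUser}");
        return 429;                        // HTTP 429 Too Many Requests
    }
    // mail($to, ...) would go here; omitted so the example runs offline.
    return 200;
}

// Demo with a fixed clock: 7 sends in 7 seconds, then one after the window.
$state = [];
$t0 = 1700000000;
$results = [];
for ($i = 0; $i < 7; $i++) {
    $results[] = allowEmailSend($state, 'admin', 5, 60, $t0 + $i);
}
var_dump($results);                        // first 5 true, 6th and 7th false
var_dump(allowEmailSend($state, 'admin', 5, 60, $t0 + 61)); // true: window slid
```

Refusals are logged, so the `error_log` line doubles as a log indicator for the monitoring section below.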

🧯 If You Can't Patch

  • Implement network-level rate limiting using WAF or reverse proxy
  • Monitor email server logs for unusual email sending patterns

🔍 How to Verify

Check if Vulnerable:

Check if running PHPJabbers Car Park Booking System v3.0 and test if Email Settings allows unlimited email sending.

Check Version:

Check application version in admin panel or configuration files

Verify Fix Applied:

Test if rate limiting is now enforced in Email Settings feature.

📡 Detection & Monitoring

Log Indicators:

  • Unusually high volume of email sending from application
  • Multiple rapid requests to email settings endpoint

Network Indicators:

  • High SMTP traffic from application server
  • Spike in outbound email traffic

SIEM Query:

source="application_logs" AND (message="email_sent" OR endpoint="/email-settings") | stats count by src_ip | where count > threshold

(Splunk-style pseudo-query; `threshold` is a placeholder to be tuned to the site's normal email volume per source.)
