CVE-2023-51314
📋 TL;DR
This vulnerability allows attackers to send excessive password reset and email change requests to legitimate users, potentially causing denial of service through email spam. It affects PHPJabbers Restaurant Booking System v3.0 installations that have these features enabled.
💻 Affected Systems
- PHPJabbers Restaurant Booking System
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers flood user inboxes with thousands of password reset emails, causing email service disruption, overwhelming mail servers, and potentially triggering account lockouts or service degradation.
Likely Case
Targeted harassment of specific users through email spam, temporary disruption of legitimate password reset functionality, and increased email server load.
If Mitigated
Minimal impact with proper rate limiting in place, allowing only legitimate password reset requests while blocking automated attacks.
🎯 Exploit Status
Exploitation requires no authentication and can be performed with simple HTTP requests to the vulnerable endpoints.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor for latest version
Vendor Advisory: https://www.phpjabbers.com/
Restart Required: No
Instructions:
1. Check the PHPJabbers website for security updates.
2. Apply the latest patch or upgrade to a fixed version.
3. Verify that rate limiting is implemented on the password reset and email change endpoints.
🔧 Temporary Workarounds
Implement Web Application Firewall Rules
- Applies to: all
- Configure the WAF to rate limit requests to /index.php?controller=pjUser&action=pjActionForgot and the email change endpoints
- WAF-specific configuration commands vary by vendor
Disable Vulnerable Features
- Applies to: all
- Temporarily disable the 'Forgot Password' and email change functionality until patched
- Modify the application configuration or comment out the vulnerable code sections
🧯 If You Can't Patch
- Implement network-level rate limiting at the load balancer or reverse proxy
- Monitor email server logs for unusual volume from the application
🔍 How to Verify
Check if Vulnerable:
Test if you can send multiple password reset requests to the same email address without delay or restriction
Check Version:
Check application version in admin panel or review source code headers
Verify Fix Applied:
Verify that after 3-5 rapid requests, subsequent requests are blocked or delayed for several minutes
📡 Detection & Monitoring
Log Indicators:
- Multiple POST requests to the pjActionForgot endpoint from the same IP
- Unusual volume of password reset emails in mail server logs
Network Indicators:
- High frequency of requests to password reset endpoint
- Pattern of requests with different email parameters from the same source
SIEM Query:
source="web_logs" AND (uri="*pjActionForgot*" OR uri="*email*change*") | stats count by src_ip, user_agent | where count > 10
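The same detection logic as the SIEM query above, run offline over web server access logs, as an added example that is not part of the advisory or the vendor's code. It assumes Apache/nginx combined log format; the sample lines, IP addresses and the benign action name are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Combined log format (Apache/nginx); assumption, adjust LOG_RE for other formats.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# The advisory's endpoint plus the loose email-change pattern used in the SIEM query.
SUSPECT_URI = re.compile(r'pjActionForgot|email.*change', re.IGNORECASE)
EMAIL_PARAM = re.compile(r'[?&]email=([^&]+)')

def parse_line(line):
    """Return a dict with ip, method, uri, ua, or None for a malformed line."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def flag_sources(lines, threshold=10):
    """Equivalent of: stats count by src_ip, user_agent | where count > threshold.
    Also counts distinct email parameters per source when they appear in the URI
    (POST bodies are normally not logged, so that part is best-effort)."""
    hits = Counter()
    emails = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None or not SUSPECT_URI.search(rec["uri"]):
            continue
        key = (rec["ip"], rec["ua"])
        hits[key] += 1
        m = EMAIL_PARAM.search(rec["uri"])
        if m:
            emails[key].add(m.group(1))
    return {k: {"hits": n, "distinct_emails": len(emails[k])}
            for k, n in hits.items() if n > threshold}

# Constructed sample traffic: one scripted source hitting the endpoint with a
# different email each time, one ordinary browser making a single reset request.
SAMPLE_LOGS = [
    f'203.0.113.5 - - [10/Oct/2023:13:55:{s:02d} +0000] '
    f'"POST /index.php?controller=pjUser&action=pjActionForgot&email=u{s}%40example.com HTTP/1.1" '
    f'200 512 "-" "python-requests/2.31"'
    for s in range(12)
] + [
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] '
    '"POST /index.php?controller=pjUser&action=pjActionForgot&email=bob%40example.com HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:56:30 +0000] '
    '"GET /index.php?controller=pjUser&action=pjActionAbout HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for (ip, ua), info in flag_sources(SAMPLE_LOGS).items():
        print(f"{ip} ({ua}): {info['hits']} requests, {info['distinct_emails']} distinct emails")
```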