PHP-Nuke CAPTCHA Security Bypass Vulnerability
BID:39923
Info
PHP-Nuke CAPTCHA Security Bypass Vulnerability
| Bugtraq ID: | 39923 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 04 2010 12:00AM |
| Updated: | May 04 2010 12:00AM |
| Credit: | Michael Brooks |
| Vulnerable: |
PHP-Nuke PHP-Nuke 8.1.35 PHP-Nuke PHP-Nuke 8.0 .3.3b PHP-Nuke PHP-Nuke 8.0 PHP-Nuke PHP-Nuke 7.9 PHP-Nuke PHP-Nuke 7.8 PHP-Nuke PHP-Nuke 7.7 PHP-Nuke PHP-Nuke 7.6 PHP-Nuke PHP-Nuke 7.5 PHP-Nuke PHP-Nuke 7.4 PHP-Nuke PHP-Nuke 7.3 PHP-Nuke PHP-Nuke 7.2 PHP-Nuke PHP-Nuke 7.1 PHP-Nuke PHP-Nuke 7.0 PHP-Nuke PHP-Nuke 8.1 |
| Not Vulnerable: | |
Discussion
PHP-Nuke CAPTCHA Security Bypass Vulnerability
PHP-Nuke is prone to a security-bypass vulnerability that occurs in the CAPTCHA authentication routine.
Successful exploits may allow attackers to bypass security restrictions and gain unauthorized access.
PHP-Nuke versions 7.0 through 8.1.35 are vulnerable.
PHP-Nuke is prone to a security-bypass vulnerability that occurs in the CAPTCHA authentication routine.
Successful exploits may allow attackers to bypass security restrictions and gain unauthorized access.
PHP-Nuke versions 7.0 through 8.1.35 are vulnerable.
Exploit / POC
PHP-Nuke CAPTCHA Security Bypass Vulnerability
Attackers can use a client utility to exploit this issue.
Attackers can use a client utility to exploit this issue.
Solution / Fix
PHP-Nuke CAPTCHA Security Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
PHP-Nuke CAPTCHA Security Bypass Vulnerability
References:
References:
- PHP-Nuke Homepage (PHP-Nuke)
- Vulnerabilities in PHP-Nuke (Michael Brooks)