Published: 21/02/2006 Updated: 18/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The CAPTCHA functionality in php-Nuke 6.0 up to and including 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote malicious users to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters.

Vulnerable Product	Search on Vulmon	Subscribe to Product
francisco burzi php-nuke 6.5_beta1
francisco burzi php-nuke 6.5_final
francisco burzi php-nuke 7.0
francisco burzi php-nuke 7.0_final
francisco burzi php-nuke 7.8
francisco burzi php-nuke 7.9
francisco burzi php-nuke 6.5_rc1
francisco burzi php-nuke 6.5_rc2
francisco burzi php-nuke 7.1
francisco burzi php-nuke 7.2
francisco burzi php-nuke 6.5_rc3
francisco burzi php-nuke 6.6
francisco burzi php-nuke 7.3
francisco burzi php-nuke 7.4
francisco burzi php-nuke 6.0
francisco burzi php-nuke 6.5
francisco burzi php-nuke 6.7
francisco burzi php-nuke 6.9
francisco burzi php-nuke 7.5
francisco burzi php-nuke 7.6
francisco burzi php-nuke 7.7

source: wwwsecurityfocuscom/bid/16722/info The CAPTCHA implementation of PHPNuke may be bypassed by remote attackers due to a design error This may be used to carry out other attacks such as brute-force attempts against the login page [------ real life exploit ------] <html> <head> <title>phpNuke CAPTHCA bypass POC ...

NVD-CWE-Other http://www.waraxe.us/advisory-45.html http://www.securityfocus.com/bid/16722 http://secunia.com/advisories/18936 http://securityreason.com/securityalert/455 http://www.securityfocus.com/archive/1/425394/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/27249/

CVE-2006-0805

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect