The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote malicious users to pass the CAPTCHA test via a calculation that combines this value with the current date and the HTTP User-Agent string.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pligg pligg 9.9.5 |
||
php-nuke php-nuke 8.1 |