CVE-2008-3573

Published: 10/08/2008 Updated: 08/08/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote malicious users to pass the CAPTCHA test via a calculation that combines this value with the current date and the HTTP User-Agent string.
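The design flaw described above, contrasted with a server-side fix, as an added example that is not code from Pligg, PHP-Nuke or the advisory. The weak calculation is a constructed stand-in rather than the real one, and every function name, the `$store` array (standing in for `$_SESSION`) and the demo values are assumptions.

```php
<?php
// Added example; not Pligg or PHP-Nuke code. All names are hypothetical.

// Weak pattern (constructed stand-in, NOT the real calculation): the expected
// answer is a pure function of values the client already holds.
function weak_expected_answer(string $tsRandom, string $userAgent, string $date): string
{
    return substr(md5($tsRandom . $userAgent . $date), 0, 6);
}

// Hardened pattern: the answer comes from a CSPRNG and never leaves the server.
// The image URL carries only an opaque id that reveals nothing about the answer.
function issue_challenge(array &$store): string
{
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';
    $answer = '';
    for ($i = 0; $i < 6; $i++) {
        $answer .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    $id = bin2hex(random_bytes(16));
    $store[$id] = ['answer' => $answer, 'expires' => time() + 300];
    return $id; // safe to place in the IMG SRC query string
}

function verify_challenge(array &$store, string $id, string $submitted): bool
{
    if (!isset($store[$id])) {
        return false;
    }
    $entry = $store[$id];
    unset($store[$id]); // single use: every attempt consumes the challenge
    if ($entry['expires'] < time()) {
        return false;
    }
    return hash_equals($entry['answer'], strtoupper($submitted));
}

// Constructed demo values.
$ua = 'ExampleBrowser/1.0';
$today = '2008-08-10';
// The weak answer needs nothing beyond the URL value, the date and the UA.
var_dump(weak_expected_answer('123456', $ua, $today));

$store = []; // stands in for $_SESSION
$id = issue_challenge($store);
$answer = $store[$id]['answer'];
var_dump(verify_challenge($store, $id, $answer)); // first submission
var_dump(verify_challenge($store, $id, $answer)); // same id submitted again
```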

Vulnerable Product

pligg pligg 9.9.5

php-nuke php-nuke 8.1

Exploits

source: www.securityfocus.com/bid/30518/info

Pligg is prone to a security-bypass weakness. Successfully exploiting this issue will allow an attacker to register multiple new users through an automated process. This may lead to other attacks. Pligg 9.9.5 is vulnerable; other versions may also be affected.

<?php $sitekey=82397834; $ts ...