CVE-2008-2020

Date: 2008-04-30 01:07:00 (Apr 30, 2008 - 1:07 a.m.)
CWE: CWE-330
Source: mitre
Reference: web.nvd.nist.gov
Tags: vulnerability, captcha, php-nuke, e-commerce-suite, phpmybittorrent, torrentflux, e107, webze, open media collectors database, labgab, automated attack

CVSS2: 6.8
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.004
Percentile: 74.6%

The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings.

Affected configurations

Nvd node (matches any of the following, OR):

Vendor               Product           Version  CPE
e107                 e107              0.7.11   cpe:2.3:a:e107:e107:0.7.11:*:*:*:*:*:*:*
labgab               labgab            1.1      cpe:2.3:a:labgab:labgab:1.1:*:*:*:*:*:*:*
my123tkshop          e-commerce-suite  0.9.1    cpe:2.3:a:my123tkshop:e-commerce-suite:0.9.1:*:*:*:*:*:*:*
opendb               opendb            1.5.0    cpe:2.3:a:opendb:opendb:1.5.0:beta4:*:*:*:*:*:*
phpmybittorrent      phpmybittorrent   1.2.2    cpe:2.3:a:phpmybittorrent:phpmybittorrent:1.2.2:*:*:*:*:*:*:*
phpnuke              php-nuke          7.0      cpe:2.3:a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:*
phpnuke              php-nuke          8.1      cpe:2.3:a:phpnuke:php-nuke:8.1:*:*:*:*:*:*:*
torrentflux_project  torrentflux       2.3      cpe:2.3:a:torrentflux_project:torrentflux:2.3:*:*:*:*:*:*:*
webze                webze             0.5.9    cpe:2.3:a:webze:webze:0.5.9:*:*:*:*:*:*:*
