CVSS2: 5 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score: 6.7 Medium (Confidence: High)

EPSS: 0.013 Low (Percentile: 86.0%)

The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value with the current date and the HTTP User-Agent string.
CPE | Name | Operator | Version |
---|---|---|---|
php-nuke:php-nuke | php-nuke | eq | 8.1 |
pligg:pligg | pligg | eq | 9.9.5 |