← back
CVE-2006-0805

CVE-2006-0805

EPSS 2.9%
The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/27249unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/18936http://securityreason.com/securityalert/455http://www.securityfocus.com/archive/1/425394/100/0/threadedhttp://www.securityfocus.com/bid/16722http://www.waraxe.us/advisory-45.html