Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHPNuke 安全绕过漏洞
Vulnerability Description
php-Nuke 6.0到7.9的CAPTCHA功能使用固定的挑战/响应对(基于User Agent (HTTP_USER_AGENT)一天只改变一次),从而使得远程攻击者可以通过固定User Agent,执行有效的挑战/响应,然后在random_num和gfx_check参数中重复执行该挑战/响应对来绕过CAPTCHA控件。
CVSS Information
N/A
Vulnerability Type
N/A