Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value with the current date and the HTTP User-Agent string.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pligg CAPTCHA 绕过安全检验漏洞
Vulnerability Description
Pligg是一套社交网站管理系统。 Pligg 9.9.版本中存在绕过安全认证漏洞。 CAPTCHA执行程序在URL范围内提供一个关键的随机数字(ts_random值)。该URL存在于IMG元件的SRC属性里。 这会允许远程攻击者通过一个运算方法来通过CAPTCHA检查。该运算方法糅合了当前日期和HTTP User-Agent字符串,以及关键的随机数字(ts_random值)。 (该漏洞也可能存在于Francisco Burzi PHP-Nuke 8.1版本)
CVSS Information
N/A
Vulnerability Type
N/A