ID CVE-2017-9091
Summary /admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha'].
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
refmap via4
confirm https://github.com/s3131212/allendisk/issues/23
Last major update 19-05-2017 - 14:29
Published 19-05-2017 - 14:29
Last modified 19-05-2017 - 14:29
Back to Top