Thomas Nilsson

**Name of the Vulnerable Software and Affected Versions** Textimage module for Drupal versions 4.7.x before 4.7-1.2 Textimage module for Drupal versions 5.x before 5.x-1.1 Captcha module for Drupal versions 4.7.x before 4.7-1.2 Captcha module for Drupal versions 5.x before 5.x-1.1 **Description** The issue allows remote attackers to bypass the CAPTCHA test. This is achieved by including an empty `captcha` element in the `$ SESSION` variable. **Recommendations** For Textimage module for Drupal versions 4.7.x before 4.7-1.2, update to version 4.7-1.2 or later. For Textimage module for Drupal versions 5.x before 5.x-1.1, update to version 5.x-1.1 or later. For Captcha module for Drupal versions 4.7.x before 4.7-1.2, update to version 4.7-1.2 or later. For Captcha module for Drupal versions 5.x before 5.x-1.1, update to version 5.x-1.1 or later.