CVE-2006-0805

Name of the Vulnerable Software and Affected Versions php-Nuke versions 6.0 through 7.9

Description The issue concerns the CAPTCHA functionality, which uses fixed challenge/response pairs. These pairs only change once per day and are based on the User Agent (HTTP USER AGENT). This allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, and then replaying that pair in the random num and gfx check parameters.

Recommendations For php-Nuke versions 6.0 through 7.9, consider disabling the CAPTCHA functionality until a patch is available, or restrict access to sensitive areas protected by CAPTCHA to minimize the risk of exploitation. Avoid using the random num and gfx check parameters in affected CAPTCHA challenges until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.