PT-2007-2112 · Drupal · Textimage+1

Thomas Nilsson

Published

2007-02-01

Updated

2017-07-29

CVE-2007-0658

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Textimage module for Drupal versions 4.7.x before 4.7-1.2 Textimage module for Drupal versions 5.x before 5.x-1.1 Captcha module for Drupal versions 4.7.x before 4.7-1.2 Captcha module for Drupal versions 5.x before 5.x-1.1

Description The issue allows remote attackers to bypass the CAPTCHA test. This is achieved by including an empty captcha element in the $ SESSION variable.

Recommendations For Textimage module for Drupal versions 4.7.x before 4.7-1.2, update to version 4.7-1.2 or later. For Textimage module for Drupal versions 5.x before 5.x-1.1, update to version 5.x-1.1 or later. For Captcha module for Drupal versions 4.7.x before 4.7-1.2, update to version 4.7-1.2 or later. For Captcha module for Drupal versions 5.x before 5.x-1.1, update to version 5.x-1.1 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-0658

Affected Products

Captcha

Textimage

PT-2007-2112 · Drupal · Textimage+1

CVE-2007-0658

Related Identifiers

Affected Products

References · 14