PT-2008-3540 · Torrentflux+7
Michael Brooks · Published 2008-04-30 · Updated 2024-02-14 · CVE-2008-2020
CVSS v2.0: 6.8 (Medium)
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Francisco Burzi PHP-Nuke versions 7.0 through 8.1
my123tkShop e-Commerce-Suite version 0.9.1
phpMyBitTorrent version 1.2.2
TorrentFlux version 2.3
e107 version 0.7.11
WebZE version 0.5.9
Open Media Collectors Database version 1.5.0b4
Labgab version 1.1
Description
The CAPTCHA implementation uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images. This allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings.
Recommendations
For Francisco Burzi PHP-Nuke versions 7.0 through 8.1, consider implementing a more secure CAPTCHA system that produces a sufficient number of different images.
For my123tkShop e-Commerce-Suite version 0.9.1, restrict access to sensitive areas of the application until a more secure CAPTCHA system is implemented.
For phpMyBitTorrent version 1.2.2, disable the CAPTCHA test until a patch is available that addresses the issue.
For TorrentFlux version 2.3, avoid using the ImageString function for CAPTCHA generation until a more secure alternative is available.
For e107 version 0.7.11, consider using a different CAPTCHA implementation that is not vulnerable to automated attacks.
For WebZE version 0.5.9, restrict access to the CAPTCHA-protected areas of the application until a more secure CAPTCHA system is implemented.
For Open Media Collectors Database version 1.5.0b4, disable the CAPTCHA test until a patch is available that addresses the issue.
For Labgab version 1.1, consider implementing a more secure CAPTCHA system that produces a sufficient number of different images.
Fix
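An added example, not code from any of the affected projects, contrasting the deterministic rendering pattern the description refers to (static background plus ImageString at a fixed position) with a renderer that yields many distinct images for the same code, together with a small audit that counts distinct checksums. It assumes PHP 7 or later with the GD extension and uses a plain filled canvas in place of the background image; the function names are hypothetical.

```php
<?php
// Added example (not from any of the affected products). Assumes PHP 7+ with GD;
// a plain filled canvas stands in for the static code_bg.jpg background.
// Weak pattern from the advisory: fixed background, fixed font and position, so each
// digit string renders to exactly one byte sequence and a checksum table maps it back.
function captcha_weak(string $code): string
{
    $im = imagecreatetruecolor(120, 40);
    imagefill($im, 0, 0, imagecolorallocate($im, 230, 230, 230));
    imagestring($im, 5, 20, 12, $code, imagecolorallocate($im, 0, 0, 0));
    ob_start();
    imagepng($im);               // lossless: identical pixels give identical bytes
    imagedestroy($im);
    return ob_get_clean();
}
// Hardened renderer: fresh randomness in colours, glyph placement and distractor
// lines on every render, so one code no longer maps to a single checksum.
function captcha_hardened(string $code): string
{
    $im = imagecreatetruecolor(120, 40);
    imagefill($im, 0, 0, imagecolorallocate($im, random_int(200, 255), random_int(200, 255), random_int(200, 255)));
    for ($i = 0; $i < 6; $i++) {
        $c = imagecolorallocate($im, random_int(0, 180), random_int(0, 180), random_int(0, 180));
        imageline($im, random_int(0, 119), random_int(0, 39), random_int(0, 119), random_int(0, 39), $c);
    }
    $x = random_int(5, 20);
    foreach (str_split($code) as $ch) {      // jitter font, position and colour per glyph
        $c = imagecolorallocate($im, random_int(0, 120), random_int(0, 120), random_int(0, 120));
        imagestring($im, random_int(3, 5), $x, random_int(4, 20), $ch, $c);
        $x += random_int(14, 20);
    }
    ob_start();
    imagepng($im);
    imagedestroy($im);
    return ob_get_clean();
}
// Audit: render one code $n times and count distinct checksums. A count of 1 means
// the renderer is deterministic and a precomputed checksum table defeats it.
function distinct_renderings(callable $render, string $code, int $n = 50): int
{
    $seen = [];
    for ($i = 0; $i < $n; $i++) {
        $seen[md5($render($code))] = true;
    }
    return count($seen);
}
printf("weak: %d distinct image(s) for one code\n", distinct_renderings('captcha_weak', '4271'));
printf("hardened: %d distinct image(s) for one code\n", distinct_renderings('captcha_hardened', '4271'));
```

The audit only measures the image-diversity property the recommendations ask for; it says nothing about how readable the distorted text remains to a human.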
Weakness Enumeration
Use of Insufficiently Random Values
Related Identifiers
Affected Products
Labgab
Open Media Collectors Database
Php-Nuke
Torrentflux
Webze
E107
My123Tkshop E-Commerce-Suite
Phpmybittorrent