PT-2016-7517 · Dotcms · Dotcms

Elar Lang

·

Published

2016-10-28

·

Updated

2016-11-28

·

CVE-2016-8600

CVSS v3.1

7.5

High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: dotCMS version 3.2.1

Description: The captcha value is not invalidated after it has been checked. An attacker can load the captcha once, solve it, and then reuse the same correct value for subsequent submissions of forms that enforce a captcha check, so the captcha no longer limits automated or repeated submissions.

Recommendations: For dotCMS version 3.2.1, issue a unique captcha for each form submission and invalidate the stored value after a single verification attempt (successful or not), so that a previously entered correct value cannot be reused. As a temporary workaround, restrict the ability to submit forms that rely on the captcha check, to limit the risk of exploitation.
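The following is an added illustration of the flaw and the recommended fix; it is not dotCMS code and uses a hypothetical in-memory session object to stand in for the server session. The vulnerable verifier leaves the expected answer in the session after a check, so one solved captcha passes any number of later submissions; the hardened verifier consumes the stored answer on every attempt, so a replayed value fails and a new captcha must be loaded.

```python
import hmac
import secrets

CAPTCHA_ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"
CAPTCHA_KEY = "captcha_answer"


class Session:
    """Hypothetical stand-in for a server-side session store."""

    def __init__(self):
        self.data = {}


def new_captcha_answer(length=6):
    """Random captcha text; in a real deployment this is rendered as an image."""
    return "".join(secrets.choice(CAPTCHA_ALPHABET) for _ in range(length))


# --- Vulnerable pattern: the answer survives verification and can be replayed ---

def issue_captcha_vulnerable(session):
    answer = new_captcha_answer()
    session.data[CAPTCHA_KEY] = answer
    return answer


def verify_captcha_vulnerable(session, submitted):
    expected = session.data.get(CAPTCHA_KEY)   # stays in the session afterwards
    return expected is not None and hmac.compare_digest(expected, submitted)


# --- Hardened pattern: the answer is single-use ---

def issue_captcha_fixed(session):
    answer = new_captcha_answer()
    session.data[CAPTCHA_KEY] = answer
    return answer


def verify_captcha_fixed(session, submitted):
    # pop() removes the stored answer whether or not the check succeeds, so a
    # correct value cannot be replayed and a wrong guess cannot be retried
    # against the same challenge.
    expected = session.data.pop(CAPTCHA_KEY, None)
    return expected is not None and hmac.compare_digest(expected, submitted)


def replay_results(issue, verify, n_forms=3):
    """Simulate the attack: load and solve one captcha, then submit it n_forms times."""
    session = Session()
    solved = issue(session)
    return [verify(session, solved) for _ in range(n_forms)]


def wrong_then_right_results(issue, verify):
    """Submit a wrong value, then the correct one, against a single issued captcha."""
    session = Session()
    solved = issue(session)
    return [verify(session, "WRONG!"), verify(session, solved)]


if __name__ == "__main__":
    print("vulnerable:", replay_results(issue_captcha_vulnerable, verify_captcha_vulnerable))
    print("fixed:     ", replay_results(issue_captcha_fixed, verify_captcha_fixed))
```

Two details matter in the hardened version: the stored answer is removed before the comparison, so even a failed attempt burns the challenge, and the comparison uses `hmac.compare_digest` so the check does not leak timing information about the expected value.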

Exploit

Fix


Weakness Enumeration

Related Identifiers

CVE-2016-8600

Affected Products

Dotcms