PT-2017-18694 · Allen · Allen Disk

Ghost · Published 2017-05-19 · Updated 2020-03-02 · CVE-2017-9090

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Allen Disk version 1.6

Description
The issue allows bypassing the CAPTCHA protection by submitting an empty captcha value in the POST request. This is due to the lack of proper validation of the $_SESSION['captcha']['code'] variable in the reg.php file.

Recommendations
For Allen Disk version 1.6, consider adding a check to ensure that $_SESSION['captcha']['code'] is properly set and validated before allowing registration. As a temporary workaround, consider implementing additional validation for the $_POST['captcha'] variable to prevent empty submissions.
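The following is an added illustration, not the Allen Disk reg.php source: a loosely written CAPTCHA check of the kind the description points at, placed beside a check that applies the recommendations above (session code must be set, submitted value must be non-empty, strict comparison). The function names, the array shapes and the sample session and request data are constructed for the example.

```php
<?php
// Added illustration (not Allen Disk's own code): loose CAPTCHA check vs. hardened check.

// Loose pattern. It assumes a code was generated for the session and uses PHP's
// loose comparison. If $session['captcha']['code'] was never set (null), then
// "" == null evaluates to true, so an empty submitted captcha is accepted.
function captcha_ok_loose(array $post, array $session): bool
{
    $submitted = $post['captcha'] ?? '';
    $expected  = $session['captcha']['code'] ?? null;
    return $submitted == $expected;   // loose comparison: "" == null is true
}

// Hardened check following the advisory's recommendations:
//  - a non-empty string code must exist in the session (a challenge was issued),
//  - the client must have submitted a non-empty string (empty/missing never passes),
//  - compare with a type-strict, constant-time comparison,
//  - consume the code so it cannot be replayed for a second registration attempt.
function captcha_ok_strict(array $post, array &$session): bool
{
    $expected = $session['captcha']['code'] ?? null;
    if (!is_string($expected) || $expected === '') {
        return false;   // no challenge stored for this session
    }
    $submitted = $post['captcha'] ?? null;
    if (!is_string($submitted) || $submitted === '') {
        return false;   // empty or missing submission is rejected outright
    }
    $ok = hash_equals($expected, $submitted);
    unset($session['captcha']['code']);   // one-time use regardless of outcome
    return $ok;
}

// Constructed sample data: a session that never had a code generated, and one that did.
$noChallenge   = [];
$withChallenge = ['captcha' => ['code' => 'k7p2q']];

var_dump(captcha_ok_loose(['captcha' => ''], $noChallenge));   // loose check: passes
var_dump(captcha_ok_strict(['captcha' => ''], $noChallenge));  // hardened check: rejected

$s = $withChallenge;
var_dump(captcha_ok_strict(['captcha' => 'k7p2q'], $s));   // correct code: accepted
var_dump(captcha_ok_strict(['captcha' => 'k7p2q'], $s));   // same code again: rejected
```

Run with `php example.php`. The `is_string` tests also reject a request where `captcha` arrives as an array rather than a scalar, which would otherwise take the loose comparison down PHP's type-juggling path; the `unset` after the comparison is a defence-in-depth step beyond the advisory's text and is a design choice of this example.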

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2017-9090

Affected Products

Allen Disk