PT-2025-31903 · Unknown · Atjiu Pybbs
Zast.Ai · Published 2025-08-05 · Updated 2025-08-05 · CVE-2025-8546
CVSS v4.0: 5.5 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
atjiu pybbs versions up to 6.0.0
Description
A problematic issue exists in the adminlogin/login function of the Verification Code Handler component, leading to a guessable captcha. The issue can be exploited remotely. The exploit has been publicly disclosed.
Recommendations
Apply the patch ecaf8d46944fd03e3c4ea05698f8acf0aaa570cf to resolve the issue.
Improper Authentication
Affected Products
Atjiu Pybbs