CVE-2008-3573

CVE-2008-3573 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value with the current date and the HTTP User-Agent string.

Learn more about our Cis Benchmark Audit For Cisco.