Vulnerability Description
The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Francisco Burzi | Php-Nuke | 6.0 |
References
- http://secunia.com/advisories/18936
- http://securityreason.com/securityalert/455
- http://www.securityfocus.com/archive/1/425394/100/0/threaded
- http://www.securityfocus.com/bid/16722Exploit
- http://www.waraxe.us/advisory-45.htmlExploitVendor Advisory
- http://secunia.com/advisories/18936
- http://securityreason.com/securityalert/455
- http://www.securityfocus.com/archive/1/425394/100/0/threaded
- http://www.securityfocus.com/bid/16722Exploit
- http://www.waraxe.us/advisory-45.htmlExploitVendor Advisory
FAQ
What is CVE-2006-0805?
CVE-2006-0805 is a vulnerability with a CVSS score of 7.5 (HIGH). The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass...
How severe is CVE-2006-0805?
CVE-2006-0805 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0805?
Check the references section above for vendor advisories and patch information. Affected products include: Francisco Burzi Php-Nuke.