reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha'].
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/s3131212/allendisk/issues/25 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2017-05-19T18:00:00Z
Updated: 2024-09-16T22:41:22.804Z
Reserved: 2017-05-19T00:00:00Z
Link: CVE-2017-9090
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2017-05-19T18:29:00.183
Modified: 2020-03-02T18:58:23.600
Link: CVE-2017-9090
Redhat
No data.