Lucene search

[email protected]CVE-2014-2224

HistoryDec 29, 2014 - 8:59 p.m.

CVE-2014-2224

2014-12-2920:59:02

CWE-254

[email protected]

web.nvd.nist.gov

plogger

lucid theme

captcha bypass

form submissions

cve-2014-2224

nvd

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

62.0%

JSON

Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not assign new values for certain codes, which makes it easier for remote attackers to bypass the CAPTCHA protection mechanism via a series of form submissions.

Affected configurations

NVD

Node

ploggerploggerRange≤1.0rc1

CPENameOperatorVersion
plogger:ploggerploggerle1.0

CPE	Name	Operator	Version
plogger:plogger	plogger	le	1.0

References

www.sysdream.com/CVE-2014-2223_CVE-2014-2224

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

62.0%

JSON

Related for CVE-2014-2224

cvelist1 prion1 nvd1