Design/Logic Flaw

2017-05-1918:29:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.8%

JSON

reg.php in Allen Disk 1.6 doesn’t check if isset($_SESSION[‘captcha’][‘code’])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST[‘captcha’].

CPENameOperatorVersion
allen_diskeq1.6

CPE	Name	Operator	Version
	allen_disk	eq	1.6

References

github.com/s3131212/allendisk/issues/25