When using the default implementation of Verify to check a Captcha, verification can be bypassed. For example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct.
CPE | Name | Operator | Version |
---|---|---|---|
base64captcha | lt | 1.3.6 |