Session fixation
The 1 Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the 2 Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the CAPTCHA test via an empty captcha element in $SESSION...