CVE-2008-3573 - Numeric Errors vulnerability in multiple products
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value with the current date and the HTTP User-Agent string.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Application | | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | Pligg 9.9.5 'CAPTCHA' Registration Automation Security Bypass Weakness. CVE-2008-3573. Webapps exploit for php platform |
id | EDB-ID:32142 |
last seen | 2016-02-03 |
modified | 2008-08-02 |
published | 2008-08-02 |
reporter | Micheal Brooks |
source | https://www.exploit-db.com/download/32142/ |
title | Pligg 9.9.5 - 'CAPTCHA' Registration Automation Security Bypass Weakness |