Headline
CVE-2023-1886: Captcha Bypass allows sending unlimited Comments in phpmyfaq
Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
Hello,
I identified a CAPTCHA Bypass after trying many Posts in the Comments Section.
Lets see :)
sent successfully!
let’s see the comments
Comments are available
The Question Form is also vulnerable for Captcha Bypass please check it also too.
Thank you
Impact
Hello,
I identified a CAPTCHA Bypass after trying many Posts in the Comments Section.
Lets see :)
sent successfully!
let’s see the comments
Comments are available
The Question Form is also vulnerable for Captcha Bypass please check it also too.
Thank you
Related news
thorsten/phpmyfaq prior to 3.1.12 is vulnerable to authentication bypass by capture-relay that allows unlimited comments to be sent. This has been fixed in 3.1.12.