ZZCMS 2023 contains a vulnerability in the captcha reuse logic located in /inc/function.php. The checkyzm function does not properly refresh the captcha value after a failed validation attempt. As a result, an attacker can exploit this flaw by repeatedly submitting the same incorrect captcha response, allowing them to capture the correct captcha value through error messages.
Configurations
No configuration.
History
05 Sep 2024, 12:53
Type | Values Removed | Values Added |
---|---|---|
Summary | | |
04 Sep 2024, 17:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-287 | |
CVSS | v2 : v3 : | v2 : unknown; v3 : 5.3 |
04 Sep 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE | | |
Information
Published : 2024-09-04 16:15
Updated : 2024-09-05 12:53
NVD link : CVE-2024-44821
Mitre link : CVE-2024-44821
CVE.ORG link : CVE-2024-44821
Products Affected
No product.
CWE
CWE-287
Improper Authentication