CVE-2008-3573 – Pligg CMS 9.9.5 - 'CAPTCHA' Registration Automation Security Bypass

https://notcve.org/view.php?id=CVE-2008-3573

10 Aug 2008 — The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value with the current date and the HTTP User-Agent string. La implementación CAPTCHA en (1) Pligg 9.9.5 y posiblemente (2) Francisco Burzi PHP-Nuke 8.1, proporciona un número aleatorio crítico (el valor del ts_random... • https://www.exploit-db.com/exploits/32142 • CWE-189: Numeric Errors CWE-264: Permissions, Privileges, and Access Controls •