exploitDog

CVE-2016-8600

Опубликовано: 28 окт. 2016

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later.

Ссылки

http://seclists.org/fulldisclosure/2016/Oct/63
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/93798
https://github.com/dotCMS/core/issues/9330
Vendor Advisory
https://security.elarlang.eu/cve-2016-8600-dotcms-captcha-bypass-by-reusing-valid-code.html
Exploit
Third Party Advisory
http://seclists.org/fulldisclosure/2016/Oct/63
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/93798
https://github.com/dotCMS/core/issues/9330
Vendor Advisory
https://security.elarlang.eu/cve-2016-8600-dotcms-captcha-bypass-by-reusing-valid-code.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dotcms:dotcms:3.2.1:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00867

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-254

Связанные уязвимости

GHSA-3cq5-qfhj-hhcc

CVSS3: 7.5

github

больше 3 лет назад

In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later.

EPSS

Процентиль: 75%

0.00867

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-254