NVD

Id
1956  
Name
CVE-2008-2020  
Description
The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-03  
Published
2008-04-29  
Modified Date
2009-01-29  
Seq
2008-2020  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
12604 1956 CVE-2008-2020 3834  View
12605 1956 CVE-2008-2020 http://www.rooksecurity.com/blog/?p=6  View
12606 1956 CVE-2008-2020 20080419 Deciphering the PHP-Nuke Capthca  View
12607 1956 CVE-2008-2020 28877  View
12608 1956 CVE-2008-2020 captcha-imagestring-codebg-weak-security(42152)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
47711 JVNDB-2008-003021 Francisco Burzi PHP-Nuke などの製品で使用される CAPTCHA における CAPTCHA 検証を通過する脆弱性 以下の製品で使用されている CAPTCHA 実装は、code_bg.jpg 背景画像および PHP ImageString 関数が不十分な画像の数を生成するため、CAPTCHA 検証を通過する脆弱性が存在します。 CVE-2008-2020 32133 CVE-2008-2020 1956 6.8 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-003021.html 2008-04-29 2012-06-26 View