Description

The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the CAPTCHA test via an empty captcha element in $_SESSION.

Remediation

References

CVE-2007-0658

Related Vulnerabilities

Atlassian Jira Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-14193)

WordPress Plugin TemplatesNext ToolKit Cross-Site Scripting (3.2.7)

Oracle HTTP Server Use of Insufficiently Random Values Vulnerability (CVE-2020-35163)

Drupal Core 8.x.x Directory Traversal (8.0.0 - 8.5.15)

IBM WebSEAL Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-4661)

Severity

Medium

Classification

CVE-2007-0658

Tags

Missing Update Known Vulnerabilities