Description
The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the CAPTCHA test via an empty captcha element in $_SESSION.
Remediation
References
Related Vulnerabilities
Squid Reachable Assertion Vulnerability (CVE-2023-49286)
TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-21338)
ProjectSend Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2017-20101)
Oracle Database Server CVE-2009-3411 Vulnerability (CVE-2009-3411)