Vulnerability Details CVE-2016-8600
In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://seclists.org/fulldisclosure/2016/Oct/63
- http://www.securityfocus.com/bid/93798
- https://github.com/dotCMS/core/issues/9330
- https://security.elarlang.eu/cve-2016-8600-dotcms-captcha-bypass-by-reusing-valid-code.html
- http://seclists.org/fulldisclosure/2016/Oct/63
- http://www.securityfocus.com/bid/93798
- https://github.com/dotCMS/core/issues/9330
- https://security.elarlang.eu/cve-2016-8600-dotcms-captcha-bypass-by-reusing-valid-code.html