We've joined Protect AIJoin us over there for bounties up to $50,000+ for vulnerabilities in AI/ML repos

Captcha Bypass allows sending unlimited Comments in thorsten/phpmyfaq

Valid

Reported on

Feb 14th 2023

Hello,

I identified a CAPTCHA Bypass after trying many Posts in the Comments Section.

Lets see :)

sent successfully!

let's see the comments

Comments are available

The Question Form is also vulnerable for Captcha Bypass please check it also too.

Thank you

Impact

Hello,

I identified a CAPTCHA Bypass after trying many Posts in the Comments Section.

Lets see :)

sent successfully!

let's see the comments

Comments are available

The Question Form is also vulnerable for Captcha Bypass please check it also too.

Thank you

We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. 7 months ago
ahmedvienna modified the report
7 months ago
thorsten/phpmyfaq maintainer has acknowledged this report 7 months ago
Thorsten Rinne validated this vulnerability 7 months ago
ahmedvienna has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Thorsten Rinne marked this as fixed in 3.1.12 with commit 27eaaa 7 months ago
Thorsten Rinne has been awarded the fix bounty
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Mar 31st 2023
ahmedvienna
7 months ago

Researcher

Hello Thorsten.

I have a question, please. Can you assign the CVE to 2 Persons or more in case we worked together ?

Best Regards Ahmed Hassan

Thorsten Rinne published this vulnerability 6 months ago
ahmedvienna
6 months ago

Researcher

Hello,

Did you publish the CVE for this Vulnerability? Cause i can not recognize the CVE assignet to it.

Thank you very much.

to join this conversation