Bypass All Captchas in the application in thorsten/phpmyfaq

Valid

Reported on

Dec 14th 2022


Description

The captcha can be bypassed when adding a proposal for a new FAQ or adding a question, so unlimited requests can be sent without submitting a captcha code.

Proof of Concept

https://drive.google.com/file/d/140CMe4FLFLBmIUUbI87_06bZ4_zs4d7N/view?usp=sharing

Impact

An attacker can send many requests at the same time. This would mean that our network pipes are clogged handling many requests, slowing down our real customers.

We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. a year ago
thorsten/phpmyfaq maintainer has acknowledged this report a year ago
Thorsten Rinne validated this vulnerability a year ago
Mohamed Abdelhady has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Thorsten Rinne marked this as fixed in 3.1.10 with commit fe6e9f a year ago
Thorsten Rinne has been awarded the fix bounty
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Jan 31st 2023
Thorsten Rinne published this vulnerability a year ago