Bypass All Captchas in the application in thorsten/phpmyfaq


Reported on

Dec 14th 2022


Bypass Captcha while adding a new Proposal for a new FAQ or Add question ,And send unlimited request without submit captcha code.

Proof of Concept


cat send many requests in same time and This would mean that our network pipes are clogged handling many requests while slowing down our real customers.

We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. a year ago
thorsten/phpmyfaq maintainer has acknowledged this report a year ago
Thorsten Rinne validated this vulnerability a year ago
Mohamed Abdelhady has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Thorsten Rinne marked this as fixed in 3.1.10 with commit fe6e9f a year ago
Thorsten Rinne has been awarded the fix bounty
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Jan 31st 2023
Thorsten Rinne published this vulnerability a year ago
to join this conversation