FriendlyCaptcha Plugin for TYPO3 Captcha Check Bypass

Moderate severity GitHub Reviewed Published Jun 21, 2024 to the GitHub Advisory Database • Updated Jun 24, 2024

Package

studiomitte/friendlycaptcha (Composer)

Affected versions

< 0.1.4

Patched versions

0.1.4

Description

An issue was discovered in the friendlycaptcha_official (aka Integration of Friendly Captcha) extension before 0.1.4 for TYPO3. The extension fails to check the requirement of the captcha field in submitted form data, allowing a remote user to bypass the captcha check. This only affects the captcha integration for the ext:form extension.

References

Published by the National Vulnerability Database Jun 21, 2024
Published to the GitHub Advisory Database Jun 21, 2024
Reviewed Jun 21, 2024
Last updated Jun 24, 2024

Severity

Moderate, 5.3 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Weaknesses

CVE ID

CVE-2024-38873

GHSA ID

GHSA-jg62-h7pv-hxgv