Unrated severity · NVD Advisory · Published Sep 4, 2024 · Updated Sep 4, 2024

CVE-2024-44821

Description

ZZCMS 2023 contains a vulnerability in the captcha reuse logic located in /inc/function.php. The checkyzm function does not properly refresh the captcha value after a failed validation attempt. As a result, an attacker can exploit this flaw by repeatedly submitting the same incorrect captcha response, allowing them to capture the correct captcha value through error messages.
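
The single-use property the description says checkyzm lacks, shown as an added example beside the reusable pattern. This is not ZZCMS code: the function names, the session key and the array standing in for `$_SESSION` are assumptions made for illustration.

```php
<?php
// Added illustration, not ZZCMS source. All names here are hypothetical.
declare(strict_types=1);

const CAPTCHA_KEY = 'captcha_answer'; // assumed session key

// Issue a fresh challenge; the answer lives only in server-side session state.
function issue_captcha(array &$session): string
{
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';
    $answer = '';
    for ($i = 0; $i < 5; $i++) {
        $answer .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    $session[CAPTCHA_KEY] = $answer;
    return $answer; // rendered into the image only, never echoed in a response
}

// Flawed pattern: a failed attempt leaves the stored answer in place,
// so the same challenge stays valid for any number of further attempts.
function check_captcha_reusable(array &$session, string $submitted): bool
{
    $expected = $session[CAPTCHA_KEY] ?? '';
    return $expected !== '' && strcasecmp($expected, $submitted) === 0;
}

// Hardened: consume the answer before comparing, pass or fail.
function check_captcha_single_use(array &$session, string $submitted): bool
{
    $expected = $session[CAPTCHA_KEY] ?? null;
    unset($session[CAPTCHA_KEY]);
    if (!is_string($expected) || $expected === '') {
        return false; // no live challenge; caller must issue a new one
    }
    // Return only pass/fail so error text cannot carry the expected value.
    return hash_equals(strtoupper($expected), strtoupper($submitted));
}

// Constructed demo: one wrong guess against each variant.
$a = []; issue_captcha($a);
check_captcha_reusable($a, 'wrong-guess');
var_dump(isset($a[CAPTCHA_KEY])); // challenge still live after the failure

$b = []; $answer = issue_captcha($b);
check_captcha_single_use($b, 'wrong-guess');
var_dump(isset($b[CAPTCHA_KEY]));                // challenge consumed
var_dump(check_captcha_single_use($b, $answer)); // old answer no longer accepted
```

In a real handler the caller issues a new challenge after every call to the single-use check and answers a failure with a generic message.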

Affected products

  • Zzcms/Zzcms · cpe-rescue · 2 versions
    • (no CPE)
    • (no CPE), range: 2023
