Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3573


Vulnerability Score 5.0 5.0
CVE Id CVE-2008-3573
Last Modified 05 Sep 2008 12:00:00
Published 10 Aug 2008 04:41:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value with the current date and the HTTP User-Agent string.

Vulnerable Systems


  • Php-nuke 8.1

  • Pligg 9.9.5


XF - pligg-captcha-security-bypass(44192)

BID - 30518


Last Updated: 27 May 2016 10:48:14