Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2265

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2014-2265
Last Modified 09 Apr 2014 12:17:57
Published 14 Mar 2014 06:55:06
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-2265

Summary

Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719 parameter.

Vulnerable Systems

Application

  • Rocklobster Contact Form 7 3.6

  • Rocklobster Contact Form 7 3.7

  • Rocklobster Contact Form 7 3.7.1


References

CONFIRM - http://contactform7.com/2014/02/26/contact-form-7-372/

CONFIRM - http://wordpress.org/plugins/contact-form-7/changelog

MISC - http://www.hedgehogsecurity.co.uk/2014/02/26/contactform7-vulnerability/


Last Updated: 27 May 2016 11:04:52