Family: CGI abuses --> Category: attack
Drupal Captcha Bypass Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Tries to bypass captcha when registering as a new user in Drupal
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application that is affected by a
security bypass vulnerability.
The version of Drupal installed on the remote host includes at least
one third-party module that adds a 'captcha' to various forms such as
for user registration but which can be bypassed using a specially-
crafted 'edit[captcha_response]' parameter. As a result, a possible hacker
can script access to whatever forms the module is designed to protect
from automated abuse.
See also :
Upgrade to Drupal captcha module version 4.7-1.2 / 5.x-1.1 and/or
textimage module version 4.7-1.2 / 5.x-1.1 or later.
Low / CVSS Base Score : 2.3
Click HERE for more information and discussions on this network vulnerability scan.