Main Vulnerability Database Vulnerabilities #VU93426

Improper access control in Integration of Friendly Captcha - CVE-2024-38873

Published: June 27, 2024

Vulnerability identifier: #VU93426

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-38873

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: TYPO3

Affected software:
Integration of Friendly Captcha

Detailed vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to the affected extension fails to check the requirement of the captcha field in submitted form data. A remote attacker can bypass the captcha check.

How to mitigate CVE-2024-38873

Install updates from vendor's website.

Sources

https://typo3.org/security/advisory/typo3-ext-sa-2024-004

Improper access control in Integration of Friendly Captcha - CVE-2024-38873

Detailed vulnerability description

How to mitigate CVE-2024-38873

Sources

Please verify you're human