Atjiu Pybbs CAPTCHA Vulnerability in Verification Code Handler

Vulnerability

A CAPTCHA vulnerability has been identified in Atjiu Pybbs versions up to and including 6.0.0. The issue lies in the Verification Code Handler used by the adminlogin and login functions: the CAPTCHA is not refreshed automatically after a verification attempt, so a single solved code can be reused across requests. The flaw can be exploited remotely without authentication. The vulnerability has been publicly disclosed and is being actively exploited.

Impact

The vulnerability allows CAPTCHA challenges to be guessed or bypassed automatically, which facilitates brute-force attacks against usernames and passwords.

Reproduction

To reproduce this vulnerability, log into the application and navigate to the registration or login page. Use Burp Suite to intercept the request and manually remove the CAPTCHA verification before sending the request. This will bypass the CAPTCHA challenge, allowing for automated login or registration attempts.

Remediation

Users are advised to update to the latest version of Atjiu Pybbs, where this vulnerability has been patched.

Added: Aug 5, 2025, 5:18 AM
Updated: Aug 5, 2025, 5:18 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 7.7
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.