| Title | newbee-ltd newbee-mall V1.0 Guessable CAPTCHA |
|---|
| Description | In newbee-mall, the CAPTCHA mechanism relies on the client explicitly requesting /common/mall/kaptcha to obtain a code. The CAPTCHA is reset only when /common/mall/kaptcha is accessed, which makes the validation ineffective. Attackers can bypass the intended protection by directly sending requests, allowing brute-force password attempts. |
|---|
| Source | ⚠️ https://github.com/newbee-ltd/newbee-mall/issues/101 |
|---|
| User | ez-lbz (UID 87033) |
|---|
| Submission | 09/03/2025 16:48 (7 months ago) |
|---|
| Moderation | 09/14/2025 08:32 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 323857 [newbee-mall 1.0 /common/mall/kaptcha mallKaptcha Captcha] |
|---|
| Points | 18 |
|---|