CVE-2006-0805

php-Nuke 6.0-7.9 - CAPTCHA Bypass via Fixed Challenge/Response Pairs

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0805. PoCs published by waraxe.

AI-analyzed exploit summary: This exploit demonstrates a CAPTCHA bypass in PHPNuke by submitting hardcoded values for 'random_num' and 'gfx_check' to bypass authentication checks. It allows brute-force attacks against the login page.

Description

The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED
by waraxe · html · webapps · php
https://www.exploit-db.com/exploits/27249

Classification: Working PoC (90%)
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: PHPNuke 7.8
No auth needed
Prerequisites: Access to the PHPNuke login page
devstral-2 · analyzed Feb 16, 2026

References (5)

Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16722
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/455
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/425394/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18936
Exploit, Vendor Advisory x_refsource_misc
http://www.waraxe.us/advisory-45.html

Scores

EPSS 0.0293
EPSS Percentile 85.3%

Details

Status published
Products (21)
francisco_burzi/php-nuke 6.0
francisco_burzi/php-nuke 6.5
francisco_burzi/php-nuke 6.5_beta1
francisco_burzi/php-nuke 6.5_final
francisco_burzi/php-nuke 6.5_rc1
francisco_burzi/php-nuke 6.5_rc2
francisco_burzi/php-nuke 6.5_rc3
francisco_burzi/php-nuke 6.6
francisco_burzi/php-nuke 6.7
francisco_burzi/php-nuke 6.9
... and 11 more
Published Feb 21, 2006
Tracked Since Feb 18, 2026