CVE-2023-45292
MEDIUMmojotv/base64captcha < 1.3.6 - Insufficient Verification of Data Authenticity in Verify Function
Title source: llmDescription
When using the default implementation of Verify to check a Captcha, verification can be bypassed. For example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct.
References (4)
Core 4
Core References
Exploit, Issue Tracking
https://github.com/mojocn/base64Captcha/issues/120
Third Party Advisory
https://pkg.go.dev/vuln/GO-2023-2386
Scores
CVSS v3
5.3
EPSS
0.0030
EPSS Percentile
21.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-345
Status
published
Products (2)
mojocn/base64Captcha
0 - 1.3.6Go
mojotv/base64captcha
< 1.3.6
Published
Dec 11, 2023
Tracked Since
Feb 18, 2026