CVE-2024-38873
MEDIUMfriendlycaptcha < 0.1.4 - Unauthenticated Captcha Bypass in ext:form Integration
Title source: llmDescription
An issue was discovered in the friendlycaptcha_official (aka Integration of Friendly Captcha) extension before 0.1.4 for TYPO3. The extension fails to check the requirement of the captcha field in submitted form data, allowing a remote user to bypass the captcha check. This only affects the captcha integration for the ext:form extension.
References (1)
Core 1
Core References
Vendor Advisory
https://typo3.org/security/advisory/typo3-ext-sa-2024-004
Scores
CVSS v3
5.3
EPSS
0.0055
EPSS Percentile
41.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-284
Status
published
Products (1)
studiomitte/friendlycaptcha
0 - 0.1.4Packagist
Published
Jun 21, 2024
Tracked Since
Feb 18, 2026