EIP-2026-110660

PRE-CVE

PHP Captcha / Securimage 2.0.2 - Authentication Bypass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110660. PoCs published by Sense of Security.

AI-analyzed exploit summary The advisory describes an authentication bypass vulnerability in PHPCaptcha (Securimage) due to insufficient distortion in the audio CAPTCHA, allowing attackers to decode the CAPTCHA via binary analysis of the MP3/WAV files. The issue can be exploited remotely without authentication by accessing the /secure_play.php URI.

Description

PHP Captcha / Securimage 2.0.2 - Authentication Bypass

Exploits (1)

exploitdb WRITEUP

by Sense of Security · textwebappsphp

https://www.exploit-db.com/exploits/17309

View Code ZIP pw:eip

The advisory describes an authentication bypass vulnerability in PHPCaptcha (Securimage) due to insufficient distortion in the audio CAPTCHA, allowing attackers to decode the CAPTCHA via binary analysis of the MP3/WAV files. The issue can be exploited remotely without authentication by accessing the /secure_play.php URI.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: PHPCaptcha (Securimage) 1.0.4 - 2.0.2

No auth needed

Prerequisites: Access to the /secure_play.php URI · Ability to analyze audio CAPTCHA files

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026