2017-05-19 18:00:00
mitre
PUBLISHED
reg.php in Allen Disk 1.6 doesnt check if isset($_SESSION[captcha][code])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST[captcha].