2017-05-19 18:00:00
mitre
PUBLISHED
/admin/loginc.php in Allen Disk 1.6 doesnt check if isset($_SESSION[captcha][code]) == 1, which leads to CAPTCHA bypass by emptying $_POST[captcha].