The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it easier for automated programs to submit false data.Referenceshttp://osvdb.org/33294http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250http://www.vupen.com/english/advisories/2007/0604http://secunia.com/advisories/24080http://www.securityfocus.com/bid/22563
