Zikula Security Bypass Vulnerability Network Vulnerability

Summary

This host is running Zikula and is prone to security bypass vulnerability.

Impact

Successful exploitation will allow remote attackers to defeat protection mechanisms based on randomization by predicting a return value. Impact Level: Application.

Solution

Upgrade to the Zikula version 1.3.1 For updates refer to http://zikula.org/

Insight

The flaw exists due to errors in 'rand' and 'srand' PHP functions for random number generation

Affected

Zikula version prior to 1.3.1

Severity

Classification

CVE CVE-2010-4728
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
Apache Tomcat Information Disclosure Vulnerability
Apache Rave User Information Disclosure Vulnerability
Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
Apache Tomcat Directory Listing and File disclosure

Zikula Security bypass Vulnerability

Take action and discover your vulnerabilities