Description
Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass intended restrictions via a brute force attack.
Remediation
References