Description
Drupal 6.x before 6.29 and 7.x before 7.24 use the PHP mt_rand function to generate random numbers. mt_rand uses predictable seeds, which allows remote attackers to predict security strings and bypass intended restrictions via a brute-force attack.
Remediation
References