Description
Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass intended restrictions via a brute force attack.
Remediation
References
Related Vulnerabilities
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3732)
WordPress Plugin File Manager Unspecified Vulnerability (4.1.4)
WordPress Plugin Simple Ads Manager PHP Object Injection (2.9.8.125)
WordPress Plugin Eu Cookie Notice Cross-Site Request Forgery (1.0.6)
Drupal Improper Access Control Vulnerability (CVE-2016-3165)