Description

The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.

Remediation

References

CVE-2010-1128

Related Vulnerabilities

WordPress Plugin SupportEzzy Ticket System Cross-Site Scripting (1.2.5)

WordPress Plugin MDTF-Wordpress Meta Data & Taxonomies Filter Cross-Site Request Forgery (2.2.7.2)

Moodle Improper Access Control Vulnerability (CVE-2016-3729)

WordPress Plugin WooCommerce Quick Reports Cross-Site Scripting (1.0.6)

WordPress Plugin GigPress 'Notes' Field HTML Injection (2.1.10)

Severity

Medium

Classification

CVE-2010-1128

Tags

Missing Update Known Vulnerabilities