Description

The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102.

Remediation

References

CVE-2008-4107

Related Vulnerabilities

WordPress Plugin wpDataTables-WordPress Data Table, Dynamic Tables & Table Charts (Premium) Security Bypass (6.3.2)

WordPress Plugin CataBlog 'category' Parameter Cross-Site Scripting (1.6.2)

Drupal Improper Access Control Vulnerability (CVE-2016-3165)

WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder CSV Injection (1.12.22)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-14642)

Severity

Medium

Classification

CVE-2008-4107

Tags

Missing Update Known Vulnerabilities