Description

The search function in phpBB 2.x provides a search_id value that leaks the state of PHP's PRNG, which allows remote attackers to obtain potentially sensitive information, as demonstrated by a cross-application attack against WordPress, a different vulnerability than CVE-2006-0632.

Remediation

References

CVE-2008-4125

Related Vulnerabilities

WordPress Plugin 10Web Social Post Feed Unspecified Vulnerability (1.1.26)

YetiForce CRM Improper Input Validation Vulnerability (CVE-2021-4117)

WordPress Plugin WP Fastest Cache Cross-Site Scripting (0.8.5.5)

TCExam Other Vulnerability (CVE-2010-2153)

MediaWiki Use of Insufficiently Random Values Vulnerability (CVE-2023-22912)

Severity

Medium

Classification

CVE-2008-4125

Tags

Missing Update Known Vulnerabilities