Description
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.