Description

Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism.

Remediation

References

CVE-2010-4728

Related Vulnerabilities

WordPress Plugin KJM Admin Notices Cross-Site Scripting (2.0.1)

WordPress Plugin Social Sharing-Sassy Social Share Cross-Site Scripting (3.3.39)

Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-3395)

MySQL CVE-2016-5627 Vulnerability (CVE-2016-5627)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-45150)

Severity

Medium

Classification

CVE-2010-4728

Tags

Missing Update Known Vulnerabilities