Описание
Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism.
Уязвимые конфигурации
Конфигурация 1Версия до 1.2.5 (включая)
Одно из
cpe:2.3:a:zikula:zikula_application_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:zikula:zikula_application_framework:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:zikula:zikula_application_framework:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:zikula:zikula_application_framework:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:zikula:zikula_application_framework:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:zikula:zikula_application_framework:1.2.4:*:*:*:*:*:*:*
EPSS
Процентиль: 57%
0.00345
Низкий
5 Medium
CVSS2
Дефекты
CWE-310
Связанные уязвимости
github
больше 3 лет назад
Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism.
EPSS
Процентиль: 57%
0.00345
Низкий
5 Medium
CVSS2
Дефекты
CWE-310