Zikula Security Bypass Vulnerability Network Vulnerability

Summary

This host is running Zikula and is prone to security bypass vulnerability.

Impact

Successful exploitation will allow remote attackers to defeat protection mechanisms based on randomization by predicting a return value. Impact Level: Application.

Solution

Upgrade to the Zikula version 1.3.1 For updates refer to http://zikula.org/

Insight

The flaw exists due to errors in 'rand' and 'srand' PHP functions for random number generation

Affected

Zikula version prior to 1.3.1

Severity

Classification

CVE CVE-2010-4728

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Admidio get_file.php Remote File Disclosure Vulnerability
Adobe ColdFusion Unspecified Information Disclosure Vulnerability
Adobe ColdFusion HTTP Response Splitting Vulnerability
Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
Ampache Reflected Cross Site Scripting Vulnerability

Zikula Security bypass Vulnerability

Take action and discover your vulnerabilities