Summary
This host is running Zikula and is prone to security bypass vulnerability.
Impact
Successful exploitation will allow remote attackers to defeat protection mechanisms based on randomization by predicting a return value.
Impact Level: Application.
Solution
Upgrade to the Zikula version 1.3.1
For updates refer to http://zikula.org/
Insight
The flaw exists due to errors in 'rand' and 'srand' PHP functions for random number generation
Affected
Zikula version prior to 1.3.1
Severity
Classification
-
CVE CVE-2010-4728 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- aeNovo Database Content Disclosure Vulnerability
- Apache CouchDB Cross Site Request Forgery Vulnerability
- Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
- Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
- Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities