Description
Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass intended restrictions via a brute force attack.
Remediation
References
Related Vulnerabilities
WordPress Plugin Contact Form Email Cross-Site Scripting (1.1.87)
WordPress Plugin Booking Calendar-Appointment Booking-BookIt Security Bypass (2.3.7)
MySQL Other Vulnerability (CVE-2005-2573)
PostgreSQL Untrusted Search Path Vulnerability (CVE-2020-10733)
WordPress Plugin teachPress Unspecified Vulnerability (5.0.17)