Description

Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass intended restrictions via a brute force attack.

Remediation

References

CVE-2013-6386

Related Vulnerabilities

WordPress Plugin Responsive Lightbox2 Cross-Site Scripting (1.0.2)

PrestaShop Improper Privilege Management Vulnerability (CVE-2023-43663)

WordPress Plugin Easy Plugin for AdSense Cross-Site Request Forgery (6.06)

WordPress 4.2.x PHP Object Injection (4.2 - 4.2.29)

WordPress Plugin Team Showcase Multiple Vulnerabilities (1.22.15)

Severity

Medium

Classification

CVE-2013-6386

Tags

Missing Update Known Vulnerabilities