Description
Drupal 6.x before 6.29 and 7.x before 7.24 use the PHP mt_rand function to generate random numbers. mt_rand uses predictable seeds, which allows remote attackers to predict security strings and bypass intended restrictions via a brute-force attack.
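The following added example (not Drupal's code and not part of the original entry) shows why a security string built from mt_rand is only as secret as the generator's seed, next to a version that draws from the operating system's CSPRNG. The function names weak_token and strong_token, the seed value and the use of PHP 7+ random_int are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not Drupal's implementation.

// Weak pattern: every character comes from mt_rand(), so the whole
// string is a pure function of the generator's seed.
function weak_token(int $length): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $max = strlen($alphabet) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[mt_rand(0, $max)];
    }
    return $out;
}

// Hardened pattern: random_int() reads from the OS CSPRNG (PHP >= 7.0)
// and is unaffected by mt_srand().
function strong_token(int $length): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $max = strlen($alphabet) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, $max)];
    }
    return $out;
}

// Constructed seed value, used only to make the run repeatable.
$seed = 20131120;

// Re-seeding with the same value reproduces the "random" string exactly.
mt_srand($seed);
$first = weak_token(32);
mt_srand($seed);
$second = weak_token(32);
echo "weak tokens identical after re-seed:   ";
var_dump(hash_equals($first, $second));

// The CSPRNG-backed token does not depend on the mt_rand seed.
mt_srand($seed);
$a = strong_token(32);
mt_srand($seed);
$b = strong_token(32);
echo "strong tokens identical after re-seed: ";
var_dump(hash_equals($a, $b));
```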
Remediation
References