Description

The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.

Remediation

References

CVE-2010-1128

Related Vulnerabilities

WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution (4.2997)

PHP Other Vulnerability (CVE-2015-4600)

phpMyAdmin Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2016-6631)

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-16942)

WordPress Plugin Shopping Cart & eCommerce Store Multiple Security Bypass Vulnerabilities (3.0.20)

Severity

Medium

Classification

CVE-2010-1128

Tags

Missing Update Known Vulnerabilities