Description
The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.
Remediation
References
Related Vulnerabilities
WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution (4.2997)
PHP Other Vulnerability (CVE-2015-4600)
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-16942)
WordPress Plugin Shopping Cart & eCommerce Store Multiple Security Bypass Vulnerabilities (3.0.20)