Description
The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102.
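The weakness described above, shown beside a hardened form for a password-reset token. This is an added example, not code from PHP, Joomla! or WordPress. The function names are hypothetical, and `random_bytes()` and `hash_equals()` assume PHP 7.0 or later rather than 5.2.6.

```php
<?php
// Added illustration; all function names here are hypothetical.

// Weak: mt_rand() is a Mersenne Twister whose whole output stream is
// determined by a 32-bit seed. It is a statistical PRNG, not a CSPRNG,
// so a token built from it is only as unpredictable as that seed.
function weak_reset_token($length = 8)
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $max = strlen($alphabet) - 1;
    $token = '';
    for ($i = 0; $i < $length; $i++) {
        $token .= $alphabet[mt_rand(0, $max)];
    }
    return $token;
}

// Hardened: random_bytes() reads from the operating system CSPRNG and
// throws an exception if no secure source is available, so it cannot
// silently fall back to a weak generator.
function strong_reset_token($bytes = 32)
{
    return bin2hex(random_bytes($bytes)); // 32 bytes -> 64 hex characters
}

// Keep only a hash of the issued token server-side and compare with
// hash_equals(), which runs in constant time for equal-length strings.
function token_matches($storedHash, $presentedToken)
{
    return hash_equals($storedHash, hash('sha256', $presentedToken));
}

// Constructed usage: issue a token, store its hash, then verify.
$token  = strong_reset_token();
$stored = hash('sha256', $token);

var_dump(strlen($token));
var_dump(token_matches($stored, $token));
var_dump(token_matches($stored, weak_reset_token()));
```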
Remediation
References