Description
Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account.
Remediation
References
Related Vulnerabilities
MediaWiki Other Vulnerability (CVE-2005-0536)
WordPress Plugin Personalized WooCommerce Cart Page Cross-Site Request Forgery (2.4)
CrushFTP Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-14038)
WordPress Plugin Jigoshop Information Disclosure (1.17.9)
WordPress Plugin User Access Manager Cross-Site Scripting (1.2.6.7)