CVE-2010-4728

Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
zikulazikula_application_framework
𝑥
≤ 1.2.5
zikulazikula_application_framework
1.1.2
zikulazikula_application_framework
1.2.1
zikulazikula_application_framework
1.2.2
zikulazikula_application_framework
1.2.3
zikulazikula_application_framework
1.2.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://code.zikula.org/core/ticket/2009
http://code.zikula.org/core/ticket/2009