Lucene search
HistoryOct 03, 2022 - 4:21 p.m.
CVE-2010-4728
cve-2010-4728
zikula
php
rand
srand
remote attackers
prediction
nvd
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.9 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
46.4%
Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism.
Affected configurations
Node
zikulazikula_application_frameworkRange≤1.2.5
ORzikulazikula_application_frameworkMatch1.1.2
ORzikulazikula_application_frameworkMatch1.2.1
ORzikulazikula_application_frameworkMatch1.2.2
ORzikulazikula_application_frameworkMatch1.2.3
ORzikulazikula_application_frameworkMatch1.2.4
References
Related
openvas
openvas
Zikula Security bypass Vulnerability
2011-02-15 00:00:00
Zikula Security Bypass Vulnerability
2011-02-15 00:00:00
cvelist
cvelist
CVE-2010-4728
2022-10-03 16:21:05
prion
prion
Design/Logic Flaw
2011-02-08 22:00:00
nvd
nvd
CVE-2010-4728
2011-02-08 22:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.9 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
46.4%
Related for CVE-2010-4728