Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2010-4728
HistoryFeb 08, 2011 - 10:00 p.m.

CVE-2010-4728

2011-02-0822:00:00
CWE-310
mitre
web.nvd.nist.gov
33
cve-2010-4728
zikula
php
rand
srand
remote attackers
prediction
nvd

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.9

Confidence

Low

EPSS

0.002

Percentile

51.6%

JSON

Zikula before 1.3.1 uses the rand and srand PHP functions for random number generation, which makes it easier for remote attackers to defeat protection mechanisms based on randomization by predicting a return value, as demonstrated by the authid protection mechanism.

Affected configurations

Nvd
Node
zikulazikula_application_frameworkRange1.2.5
OR
zikulazikula_application_frameworkMatch1.1.2
OR
zikulazikula_application_frameworkMatch1.2.1
OR
zikulazikula_application_frameworkMatch1.2.2
OR
zikulazikula_application_frameworkMatch1.2.3
OR
zikulazikula_application_frameworkMatch1.2.4
VendorProductVersionCPE
zikulazikula_application_framework*cpe:2.3:a:zikula:zikula_application_framework:*:*:*:*:*:*:*:*
zikulazikula_application_framework1.1.2cpe:2.3:a:zikula:zikula_application_framework:1.1.2:*:*:*:*:*:*:*
zikulazikula_application_framework1.2.1cpe:2.3:a:zikula:zikula_application_framework:1.2.1:*:*:*:*:*:*:*
zikulazikula_application_framework1.2.2cpe:2.3:a:zikula:zikula_application_framework:1.2.2:*:*:*:*:*:*:*
zikulazikula_application_framework1.2.3cpe:2.3:a:zikula:zikula_application_framework:1.2.3:*:*:*:*:*:*:*
zikulazikula_application_framework1.2.4cpe:2.3:a:zikula:zikula_application_framework:1.2.4:*:*:*:*:*:*:*

Related

cvelist 1
openvas 2
prion 1
nvd 1
cvelist
cvelist
CVE-2010-4728
2011-02-08 21:00:00
openvas
openvas
Zikula Security bypass Vulnerability
2011-02-15 00:00:00
Zikula Security Bypass Vulnerability
2011-02-15 00:00:00
prion
prion
Design/Logic Flaw
2011-02-08 22:00:00
nvd
nvd
CVE-2010-4728
2011-02-08 22:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.9

Confidence

Low

EPSS

0.002

Percentile

51.6%

JSON
Related for CVE-2010-4728
cvelist1openvas2prion1nvd1