revive-adserver utilizes a PRNG for session-token generation. This means that an attacker could theoretically generate session tokens at random and take over accounts at random.
References: https://www.php.net/manual/en/function.uniqid.php
This vulnerability could allow mass account takeover, because attackers can generate other users’ session tokens.
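Why a token taken from the referenced uniqid() function is weak, and what a fix looks like, as an added example that is not revive-adserver's own code: it assumes the token is a plain uniqid() value (the report only links the function), and the names weak_token, decode_uniqid and strong_token are hypothetical.

```php
<?php
declare(strict_types=1);

// Weak pattern (assumed for illustration): the session token is uniqid() output.
function weak_token(): string
{
    return uniqid();
}

// Plain uniqid() is the current time formatted as '%08x%05x':
// 8 hex digits of seconds since the epoch, then 5 hex digits of microseconds.
// Decoding it shows the token carries a timestamp and no secret randomness.
function decode_uniqid(string $id): array
{
    if (!preg_match('/^[0-9a-f]{13}$/', $id)) {
        throw new InvalidArgumentException('not a plain uniqid() value');
    }
    return [
        'seconds'      => (int) hexdec(substr($id, 0, 8)),
        'microseconds' => (int) hexdec(substr($id, 8, 5)),
    ];
}

// Hardened form: 32 bytes (256 bits) from the operating system CSPRNG.
function strong_token(): string
{
    return bin2hex(random_bytes(32));
}

$weak  = weak_token();
$parts = decode_uniqid($weak);

printf("weak token:   %s\n", $weak);
printf(
    "decodes to:   %s.%06d UTC\n",
    gmdate('Y-m-d H:i:s', $parts['seconds']),
    $parts['microseconds']
);
// Only the microsecond field is unknown once the second of issue is known.
printf("unknown bits per second of issue: about %.1f\n", log(1000000, 2));
printf("strong token: %s (256 random bits)\n", strong_token());
```

The PHP manual page linked above states that uniqid() does not produce cryptographically secure values and points to random_bytes() and random_int() for that purpose.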