CVE-2010-5079
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 use weak entropy when generating tokens for CSRF protection, autologin, forgot-password, and password salts. This weak randomness can allow remote attackers to bypass access controls via unspecified vectors. Affected versions should be upgra...