72 matches found

Prion
added 2021/08/30 4:15 p.m., 17 views

Design/Logic Flaw

The function mt_rand is used to generate session tokens. This function is cryptographically flawed because it is only a pseudorandom generator; an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under...

CVSS 3.5, AI score 4, EPSS 0.00089
Exploits 1, References 1, Affected Software 1
CVE
added 2021/08/30 3:55 p.m., 86 views

CVE-2021-27913

The CVE-2021-27913 issue is due to using PHP’s mt_rand to generate session tokens, which is cryptographically insecure and can enable enumeration of session tokens. Affected software is Mautic, specifically versions prior to 3.3.4 and versions prior to 4.0.0. The root cause is reliance on a non-c...

CVSS 3.5, AI score 3.6, EPSS 0.00089
Exploits 1, References 1, Affected Software 1
NVD
added 2021/08/17 11:15 p.m., 8 views

CVE-2021-39249

Invision Community aka IPS Community Suite or IP-Board before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function...

CVSS 6.1, EPSS 0.00243
Exploits 1, References 2
Prion
added 2021/08/17 11:15 p.m., 9 views

Cross site scripting

Invision Community aka IPS Community Suite or IP-Board before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function...

CVSS 4.3, AI score 6.1, EPSS 0.00243
Exploits 1, References 2, Affected Software 1
Cvelist
added 2021/08/17 10:02 p.m., 14 views

CVE-2021-39249

Invision Community aka IPS Community Suite or IP-Board before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function...

AI score 6.3, EPSS 0.00243
Exploits 1, References 2
CNNVD
added 2021/08/17 12:00 a.m., 2 views

Invision Community security feature issue vulnerability

Invision Community is software from Invision, Inc. for designing and developing mobile application UIs. A security feature vulnerability exists in Invision Community, originating in the product's mt_rand function, which enables brute-force attacks on uploaded files to predict file names. The...

CVSS 6.1, AI score 6.4, EPSS 0.00243
Exploits 1, References 2
Veracode
added 2021/08/11 4:32 a.m., 11 views

Insecure Random Number Generation

yiisoft/yii2 uses insecure random number generation. The vulnerability exists because it uses the function mt_rand in CaptchaAction.php, a predictable random number algorithm, for random byte and int generation...

CVSS 5.3, AI score 2, EPSS 0.00358
Exploits 1, References 3, Affected Software 1
Huntr
added 2021/07/29 7:55 a.m., 25 views

in yiisoft/yii2

✍️ Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in a security-sensitive context. In this case the function that generates weak random numbers is mt_rand in BaseMailer.php at line 346. 🕵️‍♂️ Proof of Concept <?php echo...

CVSS 5, AI score 7.5, EPSS 0.00449
Exploits 1, References 3
Huntr
added 2021/07/29 7:50 a.m., 12 views

in yiisoft/yii2

✍️ Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in a security-sensitive context. In this case the function that generates weak random numbers is mt_rand in CaptchaAction.php at line 217. 🕵️‍♂️ Proof of Concept <?php...

CVSS 5, AI score 5.6, EPSS 0.00358
Exploits 1, References 3
Huntr
added 2021/07/16 11:29 p.m., 10 views

in ampache/ampache

✍️ Description According to the official PHP documentation [1], the mt_rand function carries a security notice that says "This function does not generate cryptographically secure values, and should not be used for cryptographic purposes", and as we see in permalinks you use the mt_rand function to generate...

AI score 7
Exploits 0
Huntr
added 2021/06/26 5:42 a.m., 10 views

in beestat/app

✍️ Description The random number generator implemented by mt_rand, used here for session keys, is not suitable for cryptographic purposes, nor for generation of tokens, passwords, or cryptographic keys. The mt_rand function, which produces predictable values, is utilized as a source of randomness in a security-sensitive...

AI score 0.3
Exploits 0
Huntr
added 2021/06/23 2:49 p.m., 12 views

in phpservermon/phpservermon

✍️ Description The random number generator implemented by mt_rand cannot withstand a cryptographic attack. Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in a security-sensitive context. In this case the function that generates...

AI score 0.4
Exploits 0, References 2
Huntr
added 2021/06/20 4:26 p.m., 10 views

in phpservermon/phpservermon

✍️ Description Insecure randomness errors occur when a function that can produce predictable values is used as a source of randomness in a security-sensitive context. This code uses the rand function to generate "unique" identifiers for the receipt pages it generates. In this case the function that...

AI score 1.5
Exploits 0, References 2
NVD
added 2018/10/18 9:29 p.m., 10 views

CVE-2018-18487

In \lib\admin\action\dataaction.class.php in Gxlcms v2.0, the database backup filename generation uses mt_rand unsafely, resulting in predictable database backup file locations...

CVSS 7.5, AI score 7.5, EPSS 0.003
Exploits 1, References 1
Tenable Nessus
added 2018/05/04 12:00 a.m., 79 views

Fedora 26 : php (2018-6071a600e8)

PHP version 7.1.17, 26 Apr 2018. Date: - Fixed bug php#76131 (mismatch arginfo for date_create). (carusogabriel) Exif: - Fixed bug php#76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (Stas) FPM: - Fixed bug php#68440 (ERROR: failed to reload: execvp failed: Argument list too long). (Jacob Hipps) - Fixe...

CVSS 8.8, AI score 6.9, EPSS 0.89192
Exploits 0, References 6
Tenable Nessus
added 2018/01/17 12:00 a.m., 16 views

Fedora 27 : php (2018-d034538627)

PHP version 7.1.13, 04 Jan 2018. Core: - Fixed bug php#75573 (Segmentation fault in 7.1.12 and 7.0.26). (Laruence) - Fixed bug php#75384 (PHP seems incompatible with OneDrive files on demand). (Anatol) - Fixed bug php#74862 (Unable to clone instance when private __clone defined). (Daniel Ciochiu) - Fixed bug php#750...

AI score 5.8
Exploits 0, References 1
Tenable Nessus
added 2018/01/17 12:00 a.m., 7 views

Fedora 26 : php (2018-c4e9207c31)

PHP version 7.1.13, 04 Jan 2018. Core: - Fixed bug php#75573 (Segmentation fault in 7.1.12 and 7.0.26). (Laruence) - Fixed bug php#75384 (PHP seems incompatible with OneDrive files on demand). (Anatol) - Fixed bug php#74862 (Unable to clone instance when private __clone defined). (Daniel Ciochiu) - Fixed bug php#750...

AI score 5.8
Exploits 0, References 1
Veracode
added 2017/07/26 3:04 a.m., 20 views

Predictable Password Recovery

Moodle is vulnerable to predictable password recovery. The vulnerability exists because of insufficient randomization in the PHP mt_rand function used by the random_string and complex_random_string functions...

CVSS 7.5, AI score 7.6, EPSS 0.00401
Exploits 0, References 5, Affected Software 1
NVD
added 2016/02/22 5:59 a.m., 14 views

CVE-2015-5267

lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 relies on the PHP mt_rand function to implement the random_string and complex_random_string functions, which makes it easier for remote attackers to predict password-recovery tokens via a...

CVSS 7.5, AI score 7.6, EPSS 0.00401
Exploits 0, References 4
CVE
added 2016/02/22 2:00 a.m., 54 views

CVE-2015-5267

CVE-2015-5267 affects Moodle up to versions 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2. The vulnerability stems from using PHP’s mt_rand in the Moodle functions random_string and complex_random_string, which makes password-recovery tokens predictable by brute force. ...

CVSS 7.5, AI score 7.4, EPSS 0.00401
Exploits 0, References 4, Affected Software 1