phpservermon/phpservermon uses an insecure random number generator. The vulnerability exists in the generatePasswordResetToken
function of User.php
because of the insecure mt_rand
random number generator function which allows an attacker to guess the reset password hashes.
CPE | Name | Operator | Version |
---|---|---|---|
phpservermon/phpservermon | le | v3.5.2 | |
phpservermon/phpservermon | le | v3.5.2 |