Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2008-4125

Published: 18/09/2008 Updated: 08/08/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The search function in phpBB 2.x provides a search_id value that leaks the state of PHP's PRNG, which allows remote malicious users to obtain potentially sensitive information, as demonstrated by a cross-application attack against WordPress, a different vulnerability than CVE-2006-0632.

Vulnerable Product Search on Vulmon Subscribe to Product

phpbb phpbb 2

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2008-4125: phpbb2 leaks state of php random number generator
Debian Bug report logs - #500086 CVE-2008-4125: phpbb2 leaks state of php random number generator Package: phpbb2; Maintainer for phpbb2 is (unknown); Reported by: Stefan Fritsch <sf@sfritschde> Date: Wed, 24 Sep 2008 21:48:06 UTC Severity: grave Tags: security Found in version phpbb2/2021-7 Fixed in version phpbb2/20 ...

References

CWE-200NVD-CWE-noinfohttp://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/https://exchange.xforce.ibmcloud.com/vulnerabilities/45415https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500086https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248CVE-2024-3110CVE-2024-5552CVE-2024-29415HTML injectionCVE-2024-3095TCPtype confusionCVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook