header-logo
Suggest Exploit
vendor:
PHP
by:
Unknown
7.5
CVSS
HIGH
LCG Entropy
330
CWE
Product Name: PHP
Affected Version From: PHP versions prior to 5.2.13
Affected Version To:
Patch Exists: YES
Related CWE:
CPE: a:php:php
Metasploit:
Other Scripts:
Platforms Tested:
2010

PHP LCG Entropy Vulnerability

The PHP LCG (Linear Congruential) entropy vulnerability allows attackers to steal sessions or other sensitive data.

Mitigation:

Upgrade to PHP version 5.2.13 or later.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/38430/info

PHP is prone to a security vulnerability that affects LCG (Linear Congruential) entropy.

Attackers can exploit this issue to steal sessions or other sensitive data.

Versions prior to PHP 5.2.13 are affected. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/33677.tar.gz