CVE-2016-3735 in Piwigoinfo

Zusammenfassung

von MITRE • 28.01.2022

Piwigo is image gallery software written in PHP. When a criteria is not met on a host, piwigo defaults to usingmt_rand in order to generate password reset tokens. mt_rand output can be predicted after recovering the seed used to generate it. This low an unauthenticated attacker to take over an account providing they know an administrators email address in order to be able to request password reset.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

30.03.2016

Veröffentlichung

28.01.2022

Moderieren

akzeptiert

Eintrag

VDB-191852

CPE

bereit

CWE

CWE-521 (bestätigt)

CVSS

5.0 (VulDB)

EPSS

0.01888

KEV

nein

Aktivitäten

very low

Sektor

Lawfirm, Agriculture, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-3735
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-3735
CVE Details	https://www.cvedetails.com/cve/CVE-2016-3735/

◂ Zurück Übersicht Weiter ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!