Total vulnerabilities in the database
The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.
| Software | From | Fixed in |
|---|---|---|
| php / php | 5.2.9 | 5.2.9.x |
| php / php | 5.2.7 | 5.2.7.x |
| php / php | 5.2.2 | 5.2.2.x |
| php / php | 5.2.5 | 5.2.5.x |
| php / php | - | 5.2.12.x |
| php / php | 5.2.11 | 5.2.11.x |
| php / php | 5.2.6 | 5.2.6.x |
| php / php | 5.2.3 | 5.2.3.x |
| php / php | 5.2.0 | 5.2.0.x |
| php / php | 5.2.4 | 5.2.4.x |
| php / php | 5.2.10 | 5.2.10.x |
| php / php | 5.2.1 | 5.2.1.x |
| php / php | 5.2.8 | 5.2.8.x |