Critical severity 9.8 · NVD Advisory · Published Feb 13, 2017 · Updated May 13, 2026
CVE-2016-5100
Description
Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| froxlor/froxlor (Packagist) | < 0.9.35 | 0.9.35 |
References
- github.com/Froxlor/Froxlor/commit/da4ec3e1b591de96675817a009e26e05e848a6ba (nvd: Issue Tracking, Patch, Third Party Advisory; WEB)
- github.com/advisories/GHSA-qj6h-m7xc-r2v3 (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2016-5100 (ghsa: ADVISORY)