CVEs-PoC/2008/CVE-2008-4107.md

### [CVE-2008-4107](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4107)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102.

### POC

#### Reference
- http://securityreason.com/securityalert/4271

#### Github
No PoCs found on GitHub currently.