CVE-2010-1128

PHP < 5.2.13 - Insufficient Entropy in Linear Congruential Generator

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1128. PoCs published by Rasmus.

AI-analyzed exploit summary This entry describes a vulnerability in PHP's LCG entropy mechanism affecting versions prior to 5.2.13, which could allow attackers to steal sessions or sensitive data. However, the provided content lacks actual exploit code or technical details.

Description

The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Rasmus · textdosphp
https://www.exploit-db.com/exploits/33677

This entry describes a vulnerability in PHP's LCG entropy mechanism affecting versions prior to 5.2.13, which could allow attackers to steal sessions or sensitive data. However, the provided content lacks actual exploit code or technical details.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Theoretical
Reliability
Theoretical
Target: PHP < 5.2.13
No auth needed
Prerequisites: Access to session data or sensitive information generated by vulnerable PHP versions
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0479
Vendor Advisory x_refsource_confirm
http://www.php.net/releases/5_2_13.php
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0919.html
Vendor Advisory x_refsource_confirm
http://www.php.net/ChangeLog-5.php
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38708
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/38430
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42410
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3081

Scores

EPSS 0.0794
EPSS Percentile 94.0%

Details

CWE
CWE-310
Status published
Products (13)
php/php 5.2.0
php/php 5.2.1
php/php 5.2.2
php/php 5.2.3
php/php 5.2.4
php/php 5.2.5
php/php 5.2.6
php/php 5.2.7
php/php 5.2.8
php/php 5.2.9
... and 3 more
Published Mar 26, 2010
Tracked Since Feb 18, 2026