Vulnerabilities > CVE-2017-5214 - Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Codextrous B2J Contact

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

codextrous

CWE-335

NVD

Published: 2017-05-17

Updated: 2019-10-03

Summary

The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows prediction of a uniqid value based on knowledge of a time value. This makes it easier to read arbitrary uploaded files.

Vulnerable Configurations

Part	Description	Count
Application	Codextrous Codextrous B2J Contact *	1

Common Weakness Enumeration (CWE)

CWE-335 - Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

Packetstorm

data source	https://packetstormsecurity.com/files/download/151029/joomlacodextrous2117-shell.txt
id	PACKETSTORM:151029
last seen	2019-01-08
published	2019-01-06
reporter	KingSkrupellos
source	https://packetstormsecurity.com/files/151029/Joomla-Codextrous-B2jcontact-2.1.17-Shell-Upload.html
title	Joomla Codextrous B2jcontact 2.1.17 Shell Upload

References

https://navixia.com/storage/app/media/uploaded-files/CVE/cve-2017-521415.txt