VIR Vulnerability Intelligence Relay

CVE-2013-6386

medium
Published 2013-12-07 · Modified 2026-04-29
CVSS v3
CVSS v2
6.8
VIR risk
6.8

Description

Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass intended restrictions via a brute force attack.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://drupal.org/SA-CORE-2013-003

Application impact
VendorProductVersionsFixed
drupal drupaldrupal7.0
drupal drupaldrupal7.1
drupal drupaldrupal7.2
drupal drupaldrupal7.3
drupal drupaldrupal7.4
drupal drupaldrupal7.5
drupal drupaldrupal7.6
drupal drupaldrupal7.7
drupal drupaldrupal7.8
drupal drupaldrupal7.9
drupal drupaldrupal7.10
drupal drupaldrupal7.11
drupal drupaldrupal7.12
drupal drupaldrupal7.13
drupal drupaldrupal7.14
drupal drupaldrupal7.15
drupal drupaldrupal7.16
drupal drupaldrupal7.17
drupal drupaldrupal7.18
drupal drupaldrupal7.19
drupal drupaldrupal7.20
drupal drupaldrupal7.21
drupal drupaldrupal7.22
drupal drupaldrupal7.23
drupal drupaldrupal7.x-dev
drupal drupaldrupal6.0
drupal drupaldrupal6.1
drupal drupaldrupal6.2
drupal drupaldrupal6.3
drupal drupaldrupal6.4
drupal drupaldrupal6.5
drupal drupaldrupal6.6
drupal drupaldrupal6.7
drupal drupaldrupal6.8
drupal drupaldrupal6.9
drupal drupaldrupal6.10
drupal drupaldrupal6.11
drupal drupaldrupal6.12
drupal drupaldrupal6.13
drupal drupaldrupal6.14
drupal drupaldrupal6.15
drupal drupaldrupal6.16
drupal drupaldrupal6.17
drupal drupaldrupal6.18
drupal drupaldrupal6.19
drupal drupaldrupal6.20
drupal drupaldrupal6.21
drupal drupaldrupal6.22
drupal drupaldrupal6.23
drupal drupaldrupal6.24
drupal drupaldrupal6.25
drupal drupaldrupal6.26
drupal drupaldrupal6.27
drupal drupaldrupal6.28

References

CWEs

CWE-310

Verify integrity in audit chain (admin only). AS-IS.