ID:11588 - Exploit for Cryptographic issues in PHP - CVE-2010-1128

Link to public exploit:

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.

Remediation