PHP Numeric Errors Vulnerability - CVE-2008-4107

The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality as demonstrated by the password-reset functionality in Joomla 1.5.x and WordPress before 2.6.2 a different vulnerability than CVE-2008-2107 CVE-2008-2108 and CVE-2008-4102.