CVE 2016-5100
Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value.
See the
CVE page on Mitre.org
for more details.