CVE 2016-5100

Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value.

See the CVE page on Mitre.org for more details.