CVE-2015-1786
- EPSS 0.11%
- Published 08.06.2017 21:29:00
- Last modified 20.04.2025 01:37:25
Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers.
CVE-2016-6233
- EPSS 1.72%
- Published 17.02.2017 02:59:13
- Last modified 20.04.2025 01:37:25
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression.
CVE-2016-4861
- EPSS 3.98%
- Published 17.02.2017 02:59:13
- Last modified 20.04.2025 01:37:25
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.
CVE-2016-10034
- EPSS 82.32%
- Published 30.12.2016 19:59:00
- Last modified 12.04.2025 10:46:40
The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently e...
CVE-2015-7695
- EPSS 1.23%
- Published 07.06.2016 14:06:10
- Last modified 12.04.2025 10:46:40
The PDO adapters in Zend Framework before 1.12.16 do not filter null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query.
CVE-2015-5723
- EPSS 0.1%
- Published 07.06.2016 14:06:08
- Last modified 12.04.2025 10:46:40
Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permiss...
CVE-2015-5161
- EPSS 46.76%
- Published 25.08.2015 17:59:03
- Last modified 12.04.2025 10:46:40
The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML e...
CVE-2014-2684
- EPSS 0.57%
- Published 16.11.2014 00:59:04
- Last modified 12.04.2025 10:46:40
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value identifies the same Identity Provider as the provide...
- EPSS 2.98%
- Published 16.11.2014 00:59:03
- Last modified 12.04.2025 10:46:40
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2....
CVE-2014-2682
- EPSS 1.83%
- Published 16.11.2014 00:59:02
- Last modified 12.04.2025 10:46:40
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2....