4 matches found
GHSA-HX3M-959F-V849 ZendFramework local file inclusion vector in `Zend_View::setScriptPath()` and `render()`
Zend_View is a component that utilizes PHP as a templating language. To utilize it, you specify "script paths" that contain view scripts, and then render view scripts by specifying subdirectories within those script paths; the output is then returned as a string value which may be cached or direct...
ZendFramework local file inclusion vector in `Zend_View::setScriptPath()` and `render()`
Zend_View is a component that utilizes PHP as a templating language. To utilize it, you specify "script paths" that contain view scripts, and then render view scripts by specifying subdirectories within those script paths; the output is then returned as a string value which may be cached or direct...
Zend Framework -- multiple vulnerabilities
The Zend Framework team reports: Potential XSS or HTML Injection vector in Zend_Json. Potential XSS vector in Zend_Service_ReCaptcha_MailHide. Potential MIME-type Injection in Zend_File_Transfer Executive Summary. Potential XSS vector in Zend_Filter_StripTags when comments allowed. Potential XSS vector i...
Zend Framework -- Local File Inclusion vulnerability in Zend_View::render()
Matthew Weier O'Phinney reports: A potential Local File Inclusion (LFI) vulnerability exists in the Zend_View::render method. If user input is used to specify the script path, then it is possible to trigger the LFI. Note that Zend Framework applications that never call the Zend_View::render method wi...